diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 90df1fbbd35..509722bb7e4 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -563,6 +563,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Improve Santa module with `x509` ECS mappings {pull}20976[20976] - Improve Suricata Eve module with `x509` ECS mappings {pull}20973[20973] - Added new module for Zoom webhooks {pull}20414[20414] +- Add type and sub_type to panw panos fileset {pull}20912[20912] *Heartbeat* diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index 8ec5edb4c9d..96c30c88871 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -96109,6 +96109,20 @@ type: keyword -- +*`panw.panos.type`*:: ++ +-- +Specifies the type of the log + +-- + +*`panw.panos.sub_type`*:: ++ +-- +Specifies the sub type of the log + +-- + [[exported-fields-postgresql]] == PostgreSQL fields diff --git a/x-pack/filebeat/module/panw/fields.go b/x-pack/filebeat/module/panw/fields.go index 313130fb135..927d5d4f226 100644 --- a/x-pack/filebeat/module/panw/fields.go +++ b/x-pack/filebeat/module/panw/fields.go @@ -19,5 +19,5 @@ func init() { // AssetPanw returns asset data. // This is the base64 encoded gzipped contents of module/panw. func AssetPanw() string { - return "eJzMmE1v4zYQhu/5FXNzC8S59ZJDgbSLAAHS1NjdoMcFTY4s1hRHOxzF1f76grQsa2060jrZILpZCvk+8/HyI3NYY3sNtfKbCwCx4rD/ZTBotrVY8tfw+wUAwF9kGodQEMNCOYIbJwQPKBvidYBfFjcP878//XoBUFh0JlynQXPwqtpPGx9pa7yGFVNTd28yYvG5TfNAwVSBlJjmgCpRXHV/NJSCAz0K+9c51eekv9MnTvKZoLcxg6NVuBqOPcIakHHjMKB8L9XhrbHdEJuDb88xAsCDqhCoSIxxcpBSCVRKdIkGpLQBAoZgyV9lgQI1rDHLc5SucZouaUKA/wl6k7CE6rnDJ3SdGNDyX9RydTA6l7Yh6Tfyh5xjuZtAHJ9PW6wo0NX7VNaGPNYLcqGOkve6UL3KD5B5ddhg8GxRJxItKMj84ebzrozKGMYQLsEWu1fxqw1QIxfEFZpjxtN1HmQ2B7gL4MTHCfzHEdwtcoD9KkKcy+MOxJFfvR5KFNvDZK1qMIj1Ks77Rn4dKL47034YsL0v5w7J3qN9h1Udenj4/mVGHrXyiJkneuhETHlXT/D1qLNfxjXB4ugNowonDH7WAeFzPBikOUHteg8EuYpYw8Jmgfz2sPNG602nduZaU2tVf7E5076CqRdKr1FAq1oaRrj7kAytQEpGdaqs8EJXT3GYpqpqvJU2H/qU8CemID5/7tRSBhxt5qUKZX9Kji3/21yaen9IP9FYhXVvdeqMUme2VAzuvH75w3rFLfTZ2XXKliagl8i7RFBeufYb5uuybFMs/1hnbi3HcfxkNebWt3yRs7lv2L1R6ht2Z2ZeK8EVcftz3Hyb+jXV4/Hjfdz+ZBYS++PH+147v43EsbuCXKYxT8jGaoG4sJa4rbDyBmzIToBWSmSYVcpZbakJs0uYrVi1G8U4uwRimC3R25WfjZnI0ebY9i/YLO7iccUrB76pkK0Ga9CLLSxy6mJUujw+wOQvlvi1Qa/xi2+qJXKWMbPRjgDe0wrQC7dDsnTltQGs14wVekHTyYtVzmXq+Ojt1wb3ITlaJaSRmLrFnvGZW/NZeY9dR7ztnCg1ZXM5gHrNNsj8s+OgEZLNf4Au/vipfH3WcmRDIKVPXqCmsMyPYG7ShCBqjb4n6D3yfwAAAP//PRbQnA==" + return "eJzMmM9u4zYQxu95irm5BeLcesmhQNpFgABpamw26DGgqbHEmuJoh6O42qcvSEu21qJtxU6C6GbJ5PebPx9JaQpLbK6hUm51ASBGLG5+Zeg1m0oMuWv4/QIA4C/KaouwIIaZsgQ3VggeUFbESw+/zG4epn8//noBsDBoM38dB03BqXI7bbikqfAacqa6au8kxMJ1G+eBBVMJUmCcA8pIcdX+qS8FO3rkt7dTqoekf9InjvKJoNcxg6XcX/XHDrB6ZFxb9Cg/S7V4S2xWxNnOs0OMAPCgSgRaRMYwOUihBEolusAMpDAePHpvyF0lgTzVrDHJM0jXcZo2aUKA/wm6LGIJVVOLL2hbMaD5v6jlamd0Km190h/kdjmP5W4Ecbge11hBoK33vqz1eYwT5IUaJO9toTYqryBzarfB4GBRRxLNyMv04eZbV0aVZYzeX4JZdLfCU+OhQl4Ql5gNGffXuZfZFGAXwJ6HI/iHEdzNUoCbVYQ4lccOxJLL3w4liG1hklbN0ItxKsz7QX7tKX46037psX0u5/bJPqN9+1Xte7h//zwjH7XyETOP9NCemNKuHuHro84+j2uExdFljMrvMfhJB4Rv4WAQ5wTV9R4Ichmw+oVNArn1YeeD1ptW7cS1ptKqejYp076BqWdKL1FAq0pqRrj7Eg2tQApGta+scKarxzhMU1nWzkiTDn1M+CNTEK4/O7WYAUuraaF8sTklh5b/bSp1tT2k72mshbEfdeoMUie2VAjutH75wzjFDWyy03XKmsajk8A7R1BO2eYHpusyb2Is/xib3RoO4/jFaEytb+kiJ3Nfs/2g1NdsT8y8VoI5cfM+br6N/Rrr8fT1Pmx/MvGR/enr/UY7vY2EsV1BLuOYF+TMaIGwsBa4rrByGRifnACNFMgwKZU12lDtJ5cwyVk1K8U4uQRimMzRmdxNjpnI0mpo+zM2i7twXHHKgqtLZKPBZOjELAxy7GJUuhgeYNIvlvi9Rqfx2dXlHDnJmNhojwDeUw7ohJs+WXzlNR6M04wlOsGslRejrE3U8cmZ7zVuQ7KUR6QjMbWLPeOBt+aT8h66jnjdOUFqzOayA/WWbZD42LHTCNHmr6ALP96Vb5O1FFkfSOm9L1BjWKYDmJs4IYhaotsQHPzmEtReKfJYoQ7ZXy9SYYLuo4+lPO2/ev58tpCv5wOx/wMAAP//TA8GjA==" } diff --git a/x-pack/filebeat/module/panw/panos/_meta/fields.yml b/x-pack/filebeat/module/panw/panos/_meta/fields.yml index 1508ec99aef..490befc3e65 100644 --- a/x-pack/filebeat/module/panw/panos/_meta/fields.yml +++ b/x-pack/filebeat/module/panw/panos/_meta/fields.yml @@ -136,3 +136,9 @@ type: keyword description: >- Action taken for the session. + - name: type + description: >- + Specifies the type of the log + - name: sub_type + description: >- + Specifies the sub type of the log diff --git a/x-pack/filebeat/module/panw/panos/config/input.yml b/x-pack/filebeat/module/panw/panos/config/input.yml index eece005ad00..ed3d089bb28 100644 --- a/x-pack/filebeat/module/panw/panos/config/input.yml +++ b/x-pack/filebeat/module/panw/panos/config/input.yml @@ -35,17 +35,18 @@ processors: - extract_array: field: csv overwrite_keys: true + omit_empty: true mappings: event.created: 1 observer.serial_number: 2 - _temp_.message_type: 3 - _temp_.message_subtype: 4 + panw.panos.type: 3 + panw.panos.sub_type: 4 _temp_.generated_time: 6 - extract_array: when: equals: - _temp_.message_type: TRAFFIC + panw.panos.type: TRAFFIC field: csv overwrite_keys: true omit_empty: true @@ -107,7 +108,7 @@ processors: - extract_array: when: equals: - _temp_.message_type: THREAT + panw.panos.type: THREAT field: csv omit_empty: true overwrite_keys: true diff --git a/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml b/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml index 6e4b7f64d61..412ddeb5c58 100644 --- a/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml +++ b/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml @@ -134,72 +134,72 @@ processors: - set: field: network.direction value: inbound - if: 'ctx?._temp_?.message_type == "TRAFFIC" && ctx?.panw?.panos?.source?.zone == "untrust" && ctx?.panw?.panos?.destination?.zone == "trust"' + if: 'ctx?.panw?.panos?.type == "TRAFFIC" && ctx?.panw?.panos?.source?.zone == "untrust" && ctx?.panw?.panos?.destination?.zone == "trust"' - set: field: network.direction value: outbound - if: 'ctx?._temp_?.message_type == "TRAFFIC" && ctx?.panw?.panos?.source?.zone == "trust" && ctx?.panw?.panos?.destination?.zone == "untrust"' + if: 'ctx?.panw?.panos?.type == "TRAFFIC" && ctx?.panw?.panos?.source?.zone == "trust" && ctx?.panw?.panos?.destination?.zone == "untrust"' - set: field: network.direction value: internal - if: 'ctx?._temp_?.message_type == "TRAFFIC" && ctx?.panw?.panos?.source?.zone == "trust" && ctx?.panw?.panos?.destination?.zone == "trust"' + if: 'ctx?.panw?.panos?.type == "TRAFFIC" && ctx?.panw?.panos?.source?.zone == "trust" && ctx?.panw?.panos?.destination?.zone == "trust"' - set: field: network.direction value: external - if: 'ctx?._temp_?.message_type == "TRAFFIC" && ctx?.panw?.panos?.source?.zone == "untrust" && ctx?.panw?.panos?.destination?.zone == "untrust"' + if: 'ctx?.panw?.panos?.type == "TRAFFIC" && ctx?.panw?.panos?.source?.zone == "untrust" && ctx?.panw?.panos?.destination?.zone == "untrust"' - set: field: network.direction value: unknown - if: 'ctx?._temp_?.message_type == "TRAFFIC" && ((ctx?.panw?.panos?.source?.zone != "trust" && ctx?.panw?.panos?.source?.zone != "untrust") || (ctx?.panw?.panos?.destination?.zone != "trust" && ctx?.panw?.panos?.destination?.zone != "untrust"))' + if: 'ctx?.panw?.panos?.type == "TRAFFIC" && ((ctx?.panw?.panos?.source?.zone != "trust" && ctx?.panw?.panos?.source?.zone != "untrust") || (ctx?.panw?.panos?.destination?.zone != "trust" && ctx?.panw?.panos?.destination?.zone != "untrust"))' # Set network.direction from threat direction (Threat logs). - set: field: network.direction value: inbound - if: 'ctx?._temp_?.message_type == "THREAT" && (ctx?._temp_?.direction == "0" || ctx?._temp_?.direction == "client-to-server")' + if: 'ctx?.panw?.panos?.type == "THREAT" && (ctx?._temp_?.direction == "0" || ctx?._temp_?.direction == "client-to-server")' - set: field: network.direction value: outbound - if: 'ctx?._temp_?.message_type == "THREAT" && (ctx?._temp_?.direction == "1" || ctx?._temp_?.direction == "server-to-client")' + if: 'ctx?.panw?.panos?.type == "THREAT" && (ctx?._temp_?.direction == "1" || ctx?._temp_?.direction == "server-to-client")' - set: field: network.direction value: unknown - if: 'ctx?._temp_?.message_type == "THREAT" && ctx?.network?.direction == null' + if: 'ctx?.panw?.panos?.type == "THREAT" && ctx?.network?.direction == null' # Set network.type for TRAFFIC. - set: field: network.type value: 'ipv4' - if: 'ctx?._temp_?.message_type == "TRAFFIC" && ctx?.labels?.ipv6_session == null' + if: 'ctx?.panw?.panos?.type == "TRAFFIC" && ctx?.labels?.ipv6_session == null' - set: field: network.type value: 'ipv6' - if: 'ctx?._temp_?.message_type == "TRAFFIC" && ctx?.labels?.ipv6_session != null' + if: 'ctx?.panw?.panos?.type == "TRAFFIC" && ctx?.labels?.ipv6_session != null' # Set event.category depending on log type. - set: field: event.kind value: event - if: 'ctx?._temp_?.message_type == "TRAFFIC"' + if: 'ctx?.panw?.panos?.type == "TRAFFIC"' - append: field: event.category value: - network_traffic - network - if: 'ctx?._temp_?.message_type == "TRAFFIC"' + if: 'ctx?.panw?.panos?.type == "TRAFFIC"' - set: field: event.kind value: alert - if: 'ctx?._temp_?.message_type == "THREAT"' + if: 'ctx?.panw?.panos?.type == "THREAT"' - append: field: event.category value: - security_threat - intrusion_detection - network - if: 'ctx?._temp_?.message_type == "THREAT"' + if: 'ctx?.panw?.panos?.type == "THREAT"' - append: field: event.type value: allowed @@ -217,89 +217,89 @@ processors: - set: field: event.action value: flow_started - if: 'ctx?._temp_?.message_subtype == "start"' + if: 'ctx?.panw?.panos?.sub_type == "start"' - append: field: event.type value: - start - connection - if: 'ctx?._temp_?.message_subtype == "start"' + if: 'ctx?.panw?.panos?.sub_type == "start"' - set: field: event.action value: flow_terminated - if: 'ctx?._temp_?.message_subtype == "end"' + if: 'ctx?.panw?.panos?.sub_type == "end"' - append: field: event.type value: - end - connection - if: 'ctx?._temp_?.message_subtype == "end"' + if: 'ctx?.panw?.panos?.sub_type == "end"' - set: field: event.action value: flow_dropped - if: 'ctx?._temp_?.message_subtype == "drop"' + if: 'ctx?.panw?.panos?.sub_type == "drop"' - append: field: event.type value: - denied - connection - if: 'ctx?._temp_?.message_subtype == "drop"' + if: 'ctx?.panw?.panos?.sub_type == "drop"' - set: field: event.action value: flow_denied - if: 'ctx?._temp_?.message_subtype == "deny"' + if: 'ctx?.panw?.panos?.sub_type == "deny"' - append: field: event.type value: - denied - connection - if: 'ctx?._temp_?.message_subtype == "deny"' + if: 'ctx?.panw?.panos?.sub_type == "deny"' # event.action for threat logs. - set: field: event.action value: data_match - if: 'ctx?._temp_?.message_subtype == "data"' + if: 'ctx?.panw?.panos?.sub_type == "data"' - set: field: event.action value: file_match - if: 'ctx?._temp_?.message_subtype == "file"' + if: 'ctx?.panw?.panos?.sub_type == "file"' - set: field: event.action value: flood_detected - if: 'ctx?._temp_?.message_subtype == "flood"' + if: 'ctx?.panw?.panos?.sub_type == "flood"' - set: field: event.action value: packet_attack - if: 'ctx?._temp_?.message_subtype == "packet"' + if: 'ctx?.panw?.panos?.sub_type == "packet"' - set: field: event.action value: scan_detected - if: 'ctx?._temp_?.message_subtype == "scan"' + if: 'ctx?.panw?.panos?.sub_type == "scan"' - set: field: event.action value: spyware_detected - if: 'ctx?._temp_?.message_subtype == "spyware"' + if: 'ctx?.panw?.panos?.sub_type == "spyware"' - set: field: event.action value: url_filtering - if: 'ctx?._temp_?.message_subtype == "url"' + if: 'ctx?.panw?.panos?.sub_type == "url"' - set: field: event.action value: virus_detected - if: 'ctx?._temp_?.message_subtype == "virus"' + if: 'ctx?.panw?.panos?.sub_type == "virus"' - set: field: event.action value: exploit_detected - if: 'ctx?._temp_?.message_subtype == "vulnerability"' + if: 'ctx?.panw?.panos?.sub_type == "vulnerability"' - set: field: event.action value: wildfire_verdict - if: 'ctx?._temp_?.message_subtype == "wildfire"' + if: 'ctx?.panw?.panos?.sub_type == "wildfire"' - set: field: event.action value: wildfire_virus_detected - if: 'ctx?._temp_?.message_subtype == "wildfire-virus"' + if: 'ctx?.panw?.panos?.sub_type == "wildfire-virus"' # Set numeric log.level from event.severity. diff --git a/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json b/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json index c4d59a09d91..96530ab70f3 100644 --- a/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json @@ -13,6 +13,8 @@ "observer.serial_number": "1606001116", "observer.type": "firewall", "observer.vendor": "Palo Alto Networks", + "panw.panos.sub_type": "0", + "panw.panos.type": "CONFIG", "service.type": "panw", "tags": [ "pan-os", @@ -33,6 +35,8 @@ "observer.serial_number": "1606001116", "observer.type": "firewall", "observer.vendor": "Palo Alto Networks", + "panw.panos.sub_type": "0", + "panw.panos.type": "CONFIG", "service.type": "panw", "tags": [ "pan-os", @@ -53,6 +57,8 @@ "observer.serial_number": "1606001116", "observer.type": "firewall", "observer.vendor": "Palo Alto Networks", + "panw.panos.sub_type": "0", + "panw.panos.type": "CONFIG", "service.type": "panw", "tags": [ "pan-os", @@ -73,6 +79,8 @@ "observer.serial_number": "1606001116", "observer.type": "firewall", "observer.vendor": "Palo Alto Networks", + "panw.panos.sub_type": "routing", + "panw.panos.type": "SYSTEM", "service.type": "panw", "tags": [ "pan-os", @@ -93,6 +101,8 @@ "observer.serial_number": "1606001116", "observer.type": "firewall", "observer.vendor": "Palo Alto Networks", + "panw.panos.sub_type": "vpn", + "panw.panos.type": "SYSTEM", "service.type": "panw", "tags": [ "pan-os", @@ -113,6 +123,8 @@ "observer.serial_number": "1606001116", "observer.type": "firewall", "observer.vendor": "Palo Alto Networks", + "panw.panos.sub_type": "routing", + "panw.panos.type": "SYSTEM", "service.type": "panw", "tags": [ "pan-os", @@ -133,6 +145,8 @@ "observer.serial_number": "1606001116", "observer.type": "firewall", "observer.vendor": "Palo Alto Networks", + "panw.panos.sub_type": "ras", + "panw.panos.type": "SYSTEM", "service.type": "panw", "tags": [ "pan-os", @@ -153,6 +167,8 @@ "observer.serial_number": "1606001116", "observer.type": "firewall", "observer.vendor": "Palo Alto Networks", + "panw.panos.sub_type": "0", + "panw.panos.type": "CONFIG", "service.type": "panw", "tags": [ "pan-os", @@ -173,6 +189,8 @@ "observer.serial_number": "1606001116", "observer.type": "firewall", "observer.vendor": "Palo Alto Networks", + "panw.panos.sub_type": "0", + "panw.panos.type": "CONFIG", "service.type": "panw", "tags": [ "pan-os", @@ -193,6 +211,8 @@ "observer.serial_number": "1606001116", "observer.type": "firewall", "observer.vendor": "Palo Alto Networks", + "panw.panos.sub_type": "routing", + "panw.panos.type": "SYSTEM", "service.type": "panw", "tags": [ "pan-os", @@ -213,6 +233,8 @@ "observer.serial_number": "1606001116", "observer.type": "firewall", "observer.vendor": "Palo Alto Networks", + "panw.panos.sub_type": "vpn", + "panw.panos.type": "SYSTEM", "service.type": "panw", "tags": [ "pan-os", @@ -233,6 +255,8 @@ "observer.serial_number": "1606001116", "observer.type": "firewall", "observer.vendor": "Palo Alto Networks", + "panw.panos.sub_type": "routing", + "panw.panos.type": "SYSTEM", "service.type": "panw", "tags": [ "pan-os", @@ -253,6 +277,8 @@ "observer.serial_number": "1606001116", "observer.type": "firewall", "observer.vendor": "Palo Alto Networks", + "panw.panos.sub_type": "vpn", + "panw.panos.type": "SYSTEM", "service.type": "panw", "tags": [ "pan-os", @@ -273,6 +299,8 @@ "observer.serial_number": "1606001116", "observer.type": "firewall", "observer.vendor": "Palo Alto Networks", + "panw.panos.sub_type": "ras", + "panw.panos.type": "SYSTEM", "service.type": "panw", "tags": [ "pan-os", @@ -293,6 +321,8 @@ "observer.serial_number": "1606001116", "observer.type": "firewall", "observer.vendor": "Palo Alto Networks", + "panw.panos.sub_type": "general", + "panw.panos.type": "SYSTEM", "service.type": "panw", "tags": [ "pan-os", @@ -313,6 +343,8 @@ "observer.serial_number": "1606001116", "observer.type": "firewall", "observer.vendor": "Palo Alto Networks", + "panw.panos.sub_type": "general", + "panw.panos.type": "SYSTEM", "service.type": "panw", "tags": [ "pan-os", @@ -333,6 +365,8 @@ "observer.serial_number": "01606001116", "observer.type": "firewall", "observer.vendor": "Palo Alto Networks", + "panw.panos.sub_type": "general", + "panw.panos.type": "SYSTEM", "service.type": "panw", "tags": [ "pan-os", @@ -353,6 +387,8 @@ "observer.serial_number": "01606001116", "observer.type": "firewall", "observer.vendor": "Palo Alto Networks", + "panw.panos.sub_type": "ras", + "panw.panos.type": "SYSTEM", "service.type": "panw", "tags": [ "pan-os", @@ -373,6 +409,8 @@ "observer.serial_number": "01606001116", "observer.type": "firewall", "observer.vendor": "Palo Alto Networks", + "panw.panos.sub_type": "vpn", + "panw.panos.type": "SYSTEM", "service.type": "panw", "tags": [ "pan-os", @@ -393,6 +431,8 @@ "observer.serial_number": "01606001116", "observer.type": "firewall", "observer.vendor": "Palo Alto Networks", + "panw.panos.sub_type": "routing", + "panw.panos.type": "SYSTEM", "service.type": "panw", "tags": [ "pan-os", @@ -413,6 +453,8 @@ "observer.serial_number": "01606001116", "observer.type": "firewall", "observer.vendor": "Palo Alto Networks", + "panw.panos.sub_type": "ras", + "panw.panos.type": "SYSTEM", "service.type": "panw", "tags": [ "pan-os", @@ -433,6 +475,8 @@ "observer.serial_number": "01606001116", "observer.type": "firewall", "observer.vendor": "Palo Alto Networks", + "panw.panos.sub_type": "routing", + "panw.panos.type": "SYSTEM", "service.type": "panw", "tags": [ "pan-os", @@ -453,6 +497,8 @@ "observer.serial_number": "01606001116", "observer.type": "firewall", "observer.vendor": "Palo Alto Networks", + "panw.panos.sub_type": "general", + "panw.panos.type": "SYSTEM", "service.type": "panw", "tags": [ "pan-os", @@ -473,6 +519,8 @@ "observer.serial_number": "01606001116", "observer.type": "firewall", "observer.vendor": "Palo Alto Networks", + "panw.panos.sub_type": "ras", + "panw.panos.type": "SYSTEM", "service.type": "panw", "tags": [ "pan-os", @@ -493,6 +541,8 @@ "observer.serial_number": "01606001116", "observer.type": "firewall", "observer.vendor": "Palo Alto Networks", + "panw.panos.sub_type": "vpn", + "panw.panos.type": "SYSTEM", "service.type": "panw", "tags": [ "pan-os", @@ -513,6 +563,8 @@ "observer.serial_number": "01606001116", "observer.type": "firewall", "observer.vendor": "Palo Alto Networks", + "panw.panos.sub_type": "routing", + "panw.panos.type": "SYSTEM", "service.type": "panw", "tags": [ "pan-os", @@ -533,6 +585,8 @@ "observer.serial_number": "01606001116", "observer.type": "firewall", "observer.vendor": "Palo Alto Networks", + "panw.panos.sub_type": "ras", + "panw.panos.type": "SYSTEM", "service.type": "panw", "tags": [ "pan-os", @@ -553,6 +607,8 @@ "observer.serial_number": "01606001116", "observer.type": "firewall", "observer.vendor": "Palo Alto Networks", + "panw.panos.sub_type": "vpn", + "panw.panos.type": "SYSTEM", "service.type": "panw", "tags": [ "pan-os", @@ -573,6 +629,8 @@ "observer.serial_number": "01606001116", "observer.type": "firewall", "observer.vendor": "Palo Alto Networks", + "panw.panos.sub_type": "0", + "panw.panos.type": "CONFIG", "service.type": "panw", "tags": [ "pan-os", @@ -593,6 +651,8 @@ "observer.serial_number": "01606001116", "observer.type": "firewall", "observer.vendor": "Palo Alto Networks", + "panw.panos.sub_type": "0", + "panw.panos.type": "CONFIG", "service.type": "panw", "tags": [ "pan-os", @@ -613,6 +673,8 @@ "observer.serial_number": "01606001116", "observer.type": "firewall", "observer.vendor": "Palo Alto Networks", + "panw.panos.sub_type": "general", + "panw.panos.type": "SYSTEM", "service.type": "panw", "tags": [ "pan-os", @@ -633,6 +695,8 @@ "observer.serial_number": "01606001116", "observer.type": "firewall", "observer.vendor": "Palo Alto Networks", + "panw.panos.sub_type": "ras", + "panw.panos.type": "SYSTEM", "service.type": "panw", "tags": [ "pan-os", @@ -653,6 +717,8 @@ "observer.serial_number": "01606001116", "observer.type": "firewall", "observer.vendor": "Palo Alto Networks", + "panw.panos.sub_type": "vpn", + "panw.panos.type": "SYSTEM", "service.type": "panw", "tags": [ "pan-os", @@ -730,6 +796,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", diff --git a/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json b/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json index 6f61cf168de..37735ccfce0 100644 --- a/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json @@ -62,9 +62,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "lorexx.cn/loader.exe", + "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", "related.ip": [ "192.168.0.2", @@ -154,9 +156,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "lsiu.info/evo/count.php?o=2", + "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", "related.ip": [ "192.168.0.2", @@ -246,9 +250,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "lsiu.info/evo/count.php?o=5", + "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", "related.ip": [ "192.168.0.2", @@ -338,9 +344,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "lsiu.info/evo/count.php?o=7", + "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", "related.ip": [ "192.168.0.2", @@ -430,9 +438,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "lsiu.info/evo/exploits/x18.php?o=2&t=1241403746&i=1365814122", + "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", "related.ip": [ "192.168.0.2", @@ -522,9 +532,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "lsiu.info/evo/exploits/x19.php?o=2&t=1241403746&i=1365814122", + "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", "related.ip": [ "192.168.0.2", @@ -614,9 +626,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "liteautobestguide.cn/load.php", + "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", "related.ip": [ "192.168.0.2", @@ -706,9 +720,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "liteautobestguide.cn/index.php", + "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", "related.ip": [ "192.168.0.2", @@ -798,9 +814,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "litetopdetect.cn/index.php", + "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", "related.ip": [ "192.168.0.2", @@ -890,9 +908,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "lkmpmlm.com/fff9999.php?aid=0&uid=6cbbc5081e7548e276611ff5059df6ed30c8f8f1&os=513", + "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", "related.ip": [ "192.168.0.2", @@ -982,9 +1002,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "girlteenxxxfreemov.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", "related.ip": [ "192.168.0.2", @@ -1074,9 +1096,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "imagesrepository.com/resolution.php", + "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", "related.ip": [ "192.168.0.2", @@ -1166,9 +1190,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "hottestfiles.com/search/search.php?q=xxx", + "panw.panos.type": "THREAT", "panw.panos.url.category": "search-engines", "related.ip": [ "192.168.0.2", @@ -1257,9 +1283,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "infodist1.com/in.cgi?11¶meter=404", + "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", "related.ip": [ "192.168.0.2", @@ -1349,9 +1377,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "cls-softwares.com/suc.php", + "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", "related.ip": [ "192.168.0.2", @@ -1441,9 +1471,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "cls-softwares.com/softwarefortubeview.40013.exe", + "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", "related.ip": [ "192.168.0.2", @@ -1529,9 +1561,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "findmorepill.com/klik/search.php?q=xxx", + "panw.panos.type": "THREAT", "panw.panos.url.category": "online-gambling", "related.ip": [ "192.168.0.2", @@ -1621,9 +1655,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "allowedwebsurfing.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", "related.ip": [ "192.168.0.2", @@ -1713,9 +1749,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "antivirus-remote.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", "related.ip": [ "192.168.0.2", @@ -1805,9 +1843,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "bklinkov.ru/hi/start.cfg", + "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", "related.ip": [ "192.168.0.2", @@ -1897,9 +1937,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "blogsexnakedgirlxxx.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", "related.ip": [ "192.168.0.2", @@ -1989,9 +2031,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "bklinkov.ru/hi/start.exe", + "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", "related.ip": [ "192.168.0.2", @@ -2081,9 +2125,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "-/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "private-ip-addresses", "related.ip": [ "192.168.0.2", @@ -2173,9 +2219,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "-/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "private-ip-addresses", "related.ip": [ "192.168.0.2", @@ -2265,9 +2313,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "-/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "private-ip-addresses", "related.ip": [ "192.168.0.2", @@ -2357,9 +2407,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "-/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "private-ip-addresses", "related.ip": [ "192.168.0.2", @@ -2449,9 +2501,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "-/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "private-ip-addresses", "related.ip": [ "192.168.0.2", @@ -2541,9 +2595,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "-/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "private-ip-addresses", "related.ip": [ "192.168.0.2", @@ -2633,9 +2689,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "-/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "private-ip-addresses", "related.ip": [ "192.168.0.2", @@ -2725,9 +2783,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "-/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "private-ip-addresses", "related.ip": [ "192.168.0.2", @@ -2817,9 +2877,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "-/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "private-ip-addresses", "related.ip": [ "192.168.0.2", @@ -2909,9 +2971,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "-/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "private-ip-addresses", "related.ip": [ "192.168.0.2", @@ -3001,9 +3065,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "-/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "private-ip-addresses", "related.ip": [ "192.168.0.2", @@ -3089,9 +3155,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "wantfinest.com/tds/in.cgi?default", + "panw.panos.type": "THREAT", "panw.panos.url.category": "unknown", "related.ip": [ "192.168.0.2", @@ -3177,9 +3245,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "sameshitasiteverwas.com/traf/tds/in.cgi?2", + "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", "related.ip": [ "192.168.0.2", @@ -3265,9 +3335,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "svarkon.ru/update.exe", + "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", "related.ip": [ "192.168.0.2", @@ -3356,9 +3428,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "onlinescanxpp.com/land/eurl/1.php?code=", + "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", "related.ip": [ "192.168.0.2", @@ -3444,9 +3518,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "nolagtime.com/conn/?JKV_1RWbUUdIfRUWUaITfdIfbREdYEYdfTTRI-6XBB_1WQR-6GF5_1AU-6LC6_1Y-gW-gEUQQ-gE-tsDF6K5D_rpX51_rR-t-66FC_1Q_fQ_fQ_fQ_fQ_fQ_fQ_fQ-62BG_1Q-672V_1YOR-6N8J_1Q-6252_1WQRR-69LV_1-65GZ_1W-6", + "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", "related.ip": [ "192.168.0.2", @@ -3532,9 +3608,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "nolagtime.com/gwc.txt", + "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", "related.ip": [ "192.168.0.2", @@ -3623,9 +3701,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "karavan.us/bon/index.php", + "panw.panos.type": "THREAT", "panw.panos.url.category": "unknown", "related.ip": [ "192.168.0.2", @@ -3711,9 +3791,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "findnolimits.com/go.php?sid=1", + "panw.panos.type": "THREAT", "panw.panos.url.category": "dead-sites", "related.ip": [ "192.168.0.2", @@ -3799,9 +3881,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "bizoplata.ru/moun.html", + "panw.panos.type": "THREAT", "panw.panos.url.category": "parked-domains", "related.ip": [ "192.168.0.2", @@ -3887,9 +3971,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "bizoplata.ru/palast.html", + "panw.panos.type": "THREAT", "panw.panos.url.category": "parked-domains", "related.ip": [ "192.168.0.2", @@ -3966,9 +4052,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "untrust", + "panw.panos.sub_type": "spyware", "panw.panos.threat.id": "13024", "panw.panos.threat.name": "Bredolab.Gen Command and Control Traffic", "panw.panos.threat.resource": "controller.php", + "panw.panos.type": "THREAT", "panw.panos.url.category": "any", "related.ip": [ "204.232.231.46", @@ -4066,9 +4154,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "www.15min.it/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", "related.ip": [ "192.168.0.2", @@ -4154,9 +4244,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "tubemov.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "adult-and-pornography", "related.ip": [ "192.168.0.2", @@ -4242,9 +4334,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "pagesinxt.com/?dn=teenstube.us&flrdr=yes&nxte=js", + "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", "related.ip": [ "192.168.0.2", @@ -4330,9 +4424,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "movfree.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "spyware-and-adware", "related.ip": [ "192.168.0.2", @@ -4421,9 +4517,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "gometascan.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", "related.ip": [ "192.168.0.2", @@ -4512,9 +4610,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "antivirus-powerful-scannerv2.com/download/Install_11-1.exe", + "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", "related.ip": [ "192.168.0.2", @@ -4603,9 +4703,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "antivirus-powerful-scannerv2.com/1/?id=11-1&back==TQzyDTyMUQNMI=N", + "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", "related.ip": [ "192.168.0.2", @@ -4694,9 +4796,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "basdzsdas.com/poker/config.bin", + "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", "related.ip": [ "192.168.0.2", @@ -4785,9 +4889,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "basdzsdas.com/poker/config.bin", + "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", "related.ip": [ "192.168.0.2", @@ -4867,9 +4973,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "untrust", + "panw.panos.sub_type": "file", "panw.panos.threat.id": "52020", "panw.panos.threat.name": "Windows Executable (EXE)", "panw.panos.threat.resource": "uLLGRaXP.exe", + "panw.panos.type": "THREAT", "panw.panos.url.category": "any", "related.ip": [ "173.236.179.57", @@ -4967,9 +5075,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "basdzsdas.com/poker/config.bin", + "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", "related.ip": [ "192.168.0.2", @@ -5049,9 +5159,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "untrust", + "panw.panos.sub_type": "file", "panw.panos.threat.id": "52020", "panw.panos.threat.name": "Windows Executable (EXE)", "panw.panos.threat.resource": "FunkyEmoticons_setup.exe", + "panw.panos.type": "THREAT", "panw.panos.url.category": "any", "related.ip": [ "91.209.163.202", @@ -5140,9 +5252,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "untrust", + "panw.panos.sub_type": "file", "panw.panos.threat.id": "52020", "panw.panos.threat.name": "Windows Executable (EXE)", "panw.panos.threat.resource": "52hxw.exe", + "panw.panos.type": "THREAT", "panw.panos.url.category": "any", "related.ip": [ "122.226.169.183", @@ -5239,9 +5353,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "softsellfast.com/test/config.bin", + "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", "related.ip": [ "192.168.0.2", @@ -5321,9 +5437,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "untrust", + "panw.panos.sub_type": "file", "panw.panos.threat.id": "52020", "panw.panos.threat.name": "Windows Executable (EXE)", "panw.panos.threat.resource": "setup.exe", + "panw.panos.type": "THREAT", "panw.panos.url.category": "any", "related.ip": [ "109.201.131.15", @@ -5409,9 +5527,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "untrust", + "panw.panos.sub_type": "file", "panw.panos.threat.id": "52020", "panw.panos.threat.name": "Windows Executable (EXE)", "panw.panos.threat.resource": "Live-Player_setup.exe", + "panw.panos.type": "THREAT", "panw.panos.url.category": "any", "related.ip": [ "91.209.163.202", @@ -5506,9 +5626,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "boialex.narod.ru/config.txt", + "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", "related.ip": [ "192.168.0.2", @@ -5594,9 +5716,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "edw-melon.narod.ru/config.txt", + "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", "related.ip": [ "192.168.0.2", @@ -5682,9 +5806,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "maximtushin.narod.ru/config.txt", + "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", "related.ip": [ "192.168.0.2", @@ -5764,9 +5890,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "untrust", + "panw.panos.sub_type": "file", "panw.panos.threat.id": "52020", "panw.panos.threat.name": "Windows Executable (EXE)", "panw.panos.threat.resource": "uLLGRaXP.exe", + "panw.panos.type": "THREAT", "panw.panos.url.category": "any", "related.ip": [ "173.236.179.57", @@ -5864,9 +5992,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "marketingsoluchion.biz/fkn/config.bin", + "panw.panos.type": "THREAT", "panw.panos.url.category": "unknown", "related.ip": [ "192.168.0.2", @@ -5955,9 +6085,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "data", "panw.panos.threat.id": "60000", "panw.panos.threat.name": "PII", "panw.panos.threat.resource": "default.aspx", + "panw.panos.type": "THREAT", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.6", @@ -6037,9 +6169,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "untrust", + "panw.panos.sub_type": "data", "panw.panos.threat.id": "60000", "panw.panos.threat.name": "PII", "panw.panos.threat.resource": "sck.aspx", + "panw.panos.type": "THREAT", "panw.panos.url.category": "any", "related.ip": [ "65.54.161.34", @@ -6128,9 +6262,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "untrust", + "panw.panos.sub_type": "data", "panw.panos.threat.id": "60000", "panw.panos.threat.name": "PII", "panw.panos.threat.resource": "ADSAdClient31.dll", + "panw.panos.type": "THREAT", "panw.panos.url.category": "any", "related.ip": [ "65.55.5.231", @@ -6228,9 +6364,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "data", "panw.panos.threat.id": "60000", "panw.panos.threat.name": "PII", "panw.panos.threat.resource": "c.gif", + "panw.panos.type": "THREAT", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.6", @@ -6310,9 +6448,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "untrust", + "panw.panos.sub_type": "data", "panw.panos.threat.id": "60000", "panw.panos.threat.name": "PII", "panw.panos.threat.resource": "csi", + "panw.panos.type": "THREAT", "panw.panos.url.category": "any", "related.ip": [ "74.125.239.17", @@ -6404,9 +6544,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "data", "panw.panos.threat.id": "60000", "panw.panos.threat.name": "PII", "panw.panos.threat.resource": "internal-tuner.pandora.com", + "panw.panos.type": "THREAT", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -6486,9 +6628,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "untrust", + "panw.panos.sub_type": "data", "panw.panos.threat.id": "60000", "panw.panos.threat.name": "PII", "panw.panos.threat.resource": "js", + "panw.panos.type": "THREAT", "panw.panos.url.category": "any", "related.ip": [ "74.125.224.198", @@ -6574,9 +6718,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "untrust", + "panw.panos.sub_type": "file", "panw.panos.threat.id": "52020", "panw.panos.threat.name": "Windows Executable (EXE)", "panw.panos.threat.resource": "about.exe", + "panw.panos.type": "THREAT", "panw.panos.url.category": "any", "related.ip": [ "188.190.124.75", @@ -6665,9 +6811,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "untrust", + "panw.panos.sub_type": "data", "panw.panos.threat.id": "60000", "panw.panos.threat.name": "PII", "panw.panos.threat.resource": "js", + "panw.panos.type": "THREAT", "panw.panos.url.category": "any", "related.ip": [ "74.125.224.200", @@ -6753,9 +6901,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "untrust", + "panw.panos.sub_type": "data", "panw.panos.threat.id": "60000", "panw.panos.threat.name": "PII", "panw.panos.threat.resource": "js", + "panw.panos.type": "THREAT", "panw.panos.url.category": "any", "related.ip": [ "74.125.239.3", @@ -6841,9 +6991,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "untrust", + "panw.panos.sub_type": "data", "panw.panos.threat.id": "60000", "panw.panos.threat.name": "PII", "panw.panos.threat.resource": "js", + "panw.panos.type": "THREAT", "panw.panos.url.category": "any", "related.ip": [ "74.125.239.3", @@ -6929,9 +7081,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "untrust", + "panw.panos.sub_type": "data", "panw.panos.threat.id": "60000", "panw.panos.threat.name": "PII", "panw.panos.threat.resource": "js", + "panw.panos.type": "THREAT", "panw.panos.url.category": "any", "related.ip": [ "74.125.224.200", @@ -7023,9 +7177,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "data", "panw.panos.threat.id": "60000", "panw.panos.threat.name": "PII", "panw.panos.threat.resource": "__utm.gif", + "panw.panos.type": "THREAT", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -7105,9 +7261,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "untrust", + "panw.panos.sub_type": "data", "panw.panos.threat.id": "60000", "panw.panos.threat.name": "PII", "panw.panos.threat.resource": "js", + "panw.panos.type": "THREAT", "panw.panos.url.category": "any", "related.ip": [ "74.125.224.193", @@ -7193,9 +7351,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "untrust", + "panw.panos.sub_type": "data", "panw.panos.threat.id": "60000", "panw.panos.threat.name": "PII", "panw.panos.threat.resource": "nav_logo107.png", + "panw.panos.type": "THREAT", "panw.panos.url.category": "any", "related.ip": [ "74.125.239.20", @@ -7281,9 +7441,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "untrust", + "panw.panos.sub_type": "data", "panw.panos.threat.id": "60000", "panw.panos.threat.name": "PII", "panw.panos.threat.resource": "Eadweard_Muybridge", + "panw.panos.type": "THREAT", "panw.panos.url.category": "any", "related.ip": [ "208.80.154.225", @@ -7369,9 +7531,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "untrust", + "panw.panos.sub_type": "data", "panw.panos.threat.id": "60000", "panw.panos.threat.name": "PII", "panw.panos.threat.resource": "load.php", + "panw.panos.type": "THREAT", "panw.panos.url.category": "any", "related.ip": [ "208.80.154.234", @@ -7457,9 +7621,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "untrust", + "panw.panos.sub_type": "data", "panw.panos.threat.id": "60000", "panw.panos.threat.name": "PII", "panw.panos.threat.resource": "8fe44cb728c0f40750c64ee906eb72.css", + "panw.panos.type": "THREAT", "panw.panos.url.category": "any", "related.ip": [ "65.54.75.25", @@ -7548,9 +7714,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "untrust", + "panw.panos.sub_type": "data", "panw.panos.threat.id": "60000", "panw.panos.threat.name": "PII", "panw.panos.threat.resource": "js", + "panw.panos.type": "THREAT", "panw.panos.url.category": "any", "related.ip": [ "74.125.224.206", @@ -7636,9 +7804,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "untrust", + "panw.panos.sub_type": "data", "panw.panos.threat.id": "60000", "panw.panos.threat.name": "PII", "panw.panos.threat.resource": "js", + "panw.panos.type": "THREAT", "panw.panos.url.category": "any", "related.ip": [ "74.125.224.195", @@ -7724,9 +7894,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "untrust", + "panw.panos.sub_type": "data", "panw.panos.threat.id": "60000", "panw.panos.threat.name": "PII", "panw.panos.threat.resource": "appcast.xml", + "panw.panos.type": "THREAT", "panw.panos.url.category": "any", "related.ip": [ "207.178.96.34", @@ -7815,9 +7987,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "untrust", + "panw.panos.sub_type": "data", "panw.panos.threat.id": "60000", "panw.panos.threat.name": "PII", "panw.panos.threat.resource": "js", + "panw.panos.type": "THREAT", "panw.panos.url.category": "any", "related.ip": [ "74.125.224.195", @@ -7903,9 +8077,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "untrust", + "panw.panos.sub_type": "data", "panw.panos.threat.id": "60000", "panw.panos.threat.name": "PII", "panw.panos.threat.resource": "csi", + "panw.panos.type": "THREAT", "panw.panos.url.category": "any", "related.ip": [ "74.125.239.20", @@ -7991,9 +8167,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "untrust", + "panw.panos.sub_type": "data", "panw.panos.threat.id": "60000", "panw.panos.threat.name": "PII", "panw.panos.threat.resource": "index.php", + "panw.panos.type": "THREAT", "panw.panos.url.category": "any", "related.ip": [ "66.152.109.24", @@ -8082,9 +8260,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "untrust", + "panw.panos.sub_type": "data", "panw.panos.threat.id": "60000", "panw.panos.threat.name": "PII", "panw.panos.threat.resource": "js", + "panw.panos.type": "THREAT", "panw.panos.url.category": "any", "related.ip": [ "74.125.224.200", @@ -8176,9 +8356,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "data", "panw.panos.threat.id": "60000", "panw.panos.threat.name": "PII", "panw.panos.threat.resource": "__utm.gif", + "panw.panos.type": "THREAT", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -8258,9 +8440,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "untrust", + "panw.panos.sub_type": "data", "panw.panos.threat.id": "60000", "panw.panos.threat.name": "PII", "panw.panos.threat.resource": "js", + "panw.panos.type": "THREAT", "panw.panos.url.category": "any", "related.ip": [ "74.125.224.200", @@ -8346,9 +8530,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "untrust", + "panw.panos.sub_type": "data", "panw.panos.threat.id": "60000", "panw.panos.threat.name": "PII", "panw.panos.threat.resource": "js", + "panw.panos.type": "THREAT", "panw.panos.url.category": "any", "related.ip": [ "74.125.224.200", @@ -8440,9 +8626,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "data", "panw.panos.threat.id": "60000", "panw.panos.threat.name": "PII", "panw.panos.threat.resource": "internal-tuner.pandora.com", + "panw.panos.type": "THREAT", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -8522,9 +8710,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "untrust", + "panw.panos.sub_type": "data", "panw.panos.threat.id": "60000", "panw.panos.threat.name": "PII", "panw.panos.threat.resource": "js", + "panw.panos.type": "THREAT", "panw.panos.url.category": "any", "related.ip": [ "74.125.224.201", @@ -8610,9 +8800,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "untrust", + "panw.panos.sub_type": "data", "panw.panos.threat.id": "60000", "panw.panos.threat.name": "PII", "panw.panos.threat.resource": "js", + "panw.panos.type": "THREAT", "panw.panos.url.category": "any", "related.ip": [ "74.125.224.201", @@ -8698,9 +8890,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "untrust", + "panw.panos.sub_type": "data", "panw.panos.threat.id": "60000", "panw.panos.threat.name": "PII", "panw.panos.threat.resource": "js", + "panw.panos.type": "THREAT", "panw.panos.url.category": "any", "related.ip": [ "74.125.224.200", @@ -8786,9 +8980,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "untrust", + "panw.panos.sub_type": "data", "panw.panos.threat.id": "60000", "panw.panos.threat.name": "PII", "panw.panos.threat.resource": "js", + "panw.panos.type": "THREAT", "panw.panos.url.category": "any", "related.ip": [ "74.125.224.200", @@ -8874,9 +9070,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "untrust", + "panw.panos.sub_type": "data", "panw.panos.threat.id": "60000", "panw.panos.threat.name": "PII", "panw.panos.threat.resource": "ga.js", + "panw.panos.type": "THREAT", "panw.panos.url.category": "any", "related.ip": [ "74.125.224.198", @@ -8962,9 +9160,11 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "untrust", + "panw.panos.sub_type": "data", "panw.panos.threat.id": "60000", "panw.panos.threat.name": "PII", "panw.panos.threat.resource": "js", + "panw.panos.type": "THREAT", "panw.panos.url.category": "any", "related.ip": [ "74.125.224.200", diff --git a/x-pack/filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json b/x-pack/filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json index 11116597ea6..587b481636f 100644 --- a/x-pack/filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json @@ -70,6 +70,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -166,6 +168,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -262,6 +266,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -361,6 +367,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -460,6 +468,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -556,6 +566,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -652,6 +664,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -751,6 +765,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "private-ip-addresses", "related.ip": [ "192.168.0.2", @@ -850,6 +866,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "private-ip-addresses", "related.ip": [ "192.168.0.2", @@ -949,6 +967,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "private-ip-addresses", "related.ip": [ "192.168.0.2", @@ -1048,6 +1068,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -1147,6 +1169,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -1246,6 +1270,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -1345,6 +1371,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -1444,6 +1472,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "private-ip-addresses", "related.ip": [ "192.168.0.2", @@ -1543,6 +1573,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "private-ip-addresses", "related.ip": [ "192.168.0.2", @@ -1642,6 +1674,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "malware-sites", "related.ip": [ "192.168.0.2", @@ -1741,6 +1775,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -1840,6 +1876,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -1936,6 +1974,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -2032,6 +2072,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -2131,6 +2173,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -2227,6 +2271,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -2326,6 +2372,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "private-ip-addresses", "related.ip": [ "192.168.0.2", @@ -2425,6 +2473,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "private-ip-addresses", "related.ip": [ "192.168.0.2", @@ -2524,6 +2574,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -2620,6 +2672,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -2716,6 +2770,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -2815,6 +2871,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -2914,6 +2972,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -3010,6 +3070,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -3109,6 +3171,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "search-engines", "related.ip": [ "192.168.0.2", @@ -3208,6 +3272,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -3304,6 +3370,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -3400,6 +3468,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -3499,6 +3569,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -3598,6 +3670,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -3694,6 +3768,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -3790,6 +3866,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -3884,6 +3962,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.100", @@ -3975,6 +4055,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "entertainment-and-arts", "related.ip": [ "192.168.0.2", @@ -4072,6 +4154,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "computer-and-internet-security", "related.ip": [ "192.168.0.100", @@ -4166,6 +4250,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -4265,6 +4351,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -4359,6 +4447,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.100", @@ -4453,6 +4543,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -4549,6 +4641,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -4648,6 +4742,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -4744,6 +4840,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -4840,6 +4938,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -4936,6 +5036,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -5032,6 +5134,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -5128,6 +5232,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.0.2", @@ -5227,6 +5333,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "search-engines", "related.ip": [ "192.168.0.2", @@ -5326,6 +5434,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "malware-sites", "related.ip": [ "192.168.0.2", @@ -5422,6 +5532,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -5521,6 +5633,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -5617,6 +5731,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -5713,6 +5829,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -5812,6 +5930,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -5911,6 +6031,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -6007,6 +6129,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -6103,6 +6227,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -6199,6 +6325,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "entertainment-and-arts", "related.ip": [ "192.168.0.2", @@ -6295,6 +6423,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -6391,6 +6521,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -6487,6 +6619,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -6586,6 +6720,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -6682,6 +6818,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.0.2", @@ -6781,6 +6919,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -6877,6 +7017,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -6973,6 +7115,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -7072,6 +7216,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -7168,6 +7314,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "not-resolved", "related.ip": [ "192.168.0.2", @@ -7264,6 +7412,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -7360,6 +7510,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -7459,6 +7611,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -7549,6 +7703,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -7648,6 +7804,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "search-engines", "related.ip": [ "192.168.0.2", @@ -7747,6 +7905,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "search-engines", "related.ip": [ "192.168.0.2", @@ -7837,6 +7997,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -7927,6 +8089,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -8026,6 +8190,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -8122,6 +8288,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -8218,6 +8386,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -8317,6 +8487,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -8413,6 +8585,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -8503,6 +8677,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -8599,6 +8775,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -8698,6 +8876,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -8794,6 +8974,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -8890,6 +9072,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -8986,6 +9170,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "entertainment-and-arts", "related.ip": [ "192.168.0.2", @@ -9085,6 +9271,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -9184,6 +9372,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -9283,6 +9473,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -9373,6 +9565,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -9472,6 +9666,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -9571,6 +9767,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", @@ -9670,6 +9868,8 @@ "panw.panos.source.nat.ip": "0.0.0.0", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", diff --git a/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json b/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json index 40105c59295..20c28165a42 100644 --- a/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json @@ -67,9 +67,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 37679, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -163,9 +165,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 28249, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -259,9 +263,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 63898, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -355,9 +361,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 7515, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -451,9 +459,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 3225, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -547,9 +557,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 60449, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -643,9 +655,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 60559, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -739,9 +753,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 47414, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -835,9 +851,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 37673, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -931,9 +949,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 8232, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -1027,9 +1047,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 32982, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -1123,9 +1145,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 10473, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -1219,9 +1243,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 20446, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -1315,9 +1341,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 34699, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -1411,9 +1439,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 22820, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -1507,9 +1537,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 41060, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -1603,9 +1635,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 9058, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -1699,9 +1733,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 54846, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -1795,9 +1831,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 52731, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -1891,9 +1929,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 15165, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -1987,9 +2027,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 53918, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "b.scorecardresearch.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -2083,9 +2125,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 40792, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -2179,9 +2223,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 54044, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -2275,9 +2321,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 19544, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -2371,9 +2419,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 13462, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -2467,9 +2517,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 44892, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -2563,9 +2615,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 16487, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -2659,9 +2713,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 23952, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -2755,9 +2811,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 2810, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -2851,9 +2909,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 13272, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -2947,9 +3007,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 8663, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -3043,9 +3105,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 55738, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -3139,9 +3203,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 10650, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -3235,9 +3301,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 44087, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -3331,9 +3399,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 15915, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -3427,9 +3497,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 41165, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "cdn.taboola.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -3526,9 +3598,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 54133, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "rules.quantcount.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -3625,9 +3699,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 8485, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -3724,9 +3800,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 12496, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -3823,9 +3901,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 17029, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -3922,9 +4002,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 23696, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -4021,9 +4103,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 34769, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -4120,9 +4204,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 22486, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -4219,9 +4305,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 12894, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -4318,9 +4406,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 62348, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -4417,9 +4507,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 6224, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -4516,9 +4608,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 44120, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -4615,9 +4709,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 44228, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -4714,9 +4810,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 31322, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -4813,9 +4911,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 1672, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "www.googleadservices.com/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -4909,9 +5009,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 20801, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "service.maxymiser.net/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -5005,9 +5107,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 24533, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "service.maxymiser.net/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -5101,9 +5205,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 30150, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "service.maxymiser.net/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -5197,9 +5303,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 36305, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "service.maxymiser.net/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -5293,9 +5401,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 42682, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "service.maxymiser.net/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -5389,9 +5499,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 22530, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "service.maxymiser.net/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -5485,9 +5597,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 43713, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "service.maxymiser.net/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -5581,9 +5695,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 60608, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "service.maxymiser.net/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -5677,9 +5793,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 9302, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "service.maxymiser.net/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -5773,9 +5891,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 11634, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "service.maxymiser.net/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -5872,9 +5992,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 30818, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "segment-data.zqtk.net/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -5971,9 +6093,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 64260, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "segment-data.zqtk.net/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -6070,9 +6194,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 7071, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "segment-data.zqtk.net/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -6169,9 +6295,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 4512, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "segment-data.zqtk.net/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -6268,9 +6396,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 3422, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "segment-data.zqtk.net/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -6367,9 +6497,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 4651, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "segment-data.zqtk.net/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -6466,9 +6598,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 19068, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "segment-data.zqtk.net/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -6565,9 +6699,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 5831, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "segment-data.zqtk.net/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -6664,9 +6800,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 7084, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "segment-data.zqtk.net/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -6763,9 +6901,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 18633, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "segment-data.zqtk.net/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -6862,9 +7002,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 25557, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "segment-data.zqtk.net/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -6961,9 +7103,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 20661, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "segment-data.zqtk.net/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -7060,9 +7204,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 65438, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "segment-data.zqtk.net/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -7159,9 +7305,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 53101, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "segment-data.zqtk.net/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -7258,9 +7406,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 35463, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "segment-data.zqtk.net/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -7357,9 +7507,11 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 45769, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", "panw.panos.threat.resource": "segment-data.zqtk.net/", + "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", diff --git a/x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json b/x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json index 3d742b52ee2..60e5c4a2b29 100644 --- a/x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json @@ -76,6 +76,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 16418, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "computer-and-internet-info", "related.ip": [ "192.168.15.207", @@ -180,6 +182,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -287,6 +291,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 51990, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "computer-and-internet-info", "related.ip": [ "192.168.15.207", @@ -391,6 +397,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -498,6 +506,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 15252, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.196", @@ -602,6 +612,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 40763, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "web-advertisements", "related.ip": [ "192.168.15.224", @@ -706,6 +718,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -810,6 +824,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 52881, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -914,6 +930,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 26654, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.207", @@ -1018,6 +1036,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 2486, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.207", @@ -1122,6 +1142,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 42021, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "computer-and-internet-info", "related.ip": [ "192.168.15.207", @@ -1226,6 +1248,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 24377, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.207", @@ -1330,6 +1354,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 48792, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.207", @@ -1434,6 +1460,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 2987, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.207", @@ -1538,6 +1566,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 6945, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.207", @@ -1642,6 +1672,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -1746,6 +1778,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 42208, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -1850,6 +1884,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 14660, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "web-advertisements", "related.ip": [ "192.168.15.224", @@ -1954,6 +1990,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 16483, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "web-advertisements", "related.ip": [ "192.168.15.224", @@ -2058,6 +2096,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.196", @@ -2162,6 +2202,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 5570, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "computer-and-internet-info", "related.ip": [ "192.168.15.224", @@ -2266,6 +2308,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 24430, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.207", @@ -2373,6 +2417,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 12122, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "start", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "computer-and-internet-info", "related.ip": [ "192.168.15.224", @@ -2478,6 +2524,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 49145, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "drop", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -2582,6 +2630,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "deny", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -2683,6 +2733,7 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 33110, "panw.panos.source.zone": "trust", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.210", @@ -2784,6 +2835,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 9299, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "test", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -2888,6 +2941,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 47194, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -2995,6 +3050,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 62921, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -3099,6 +3156,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -3203,6 +3262,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.210", @@ -3307,6 +3368,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 41958, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "web-advertisements", "related.ip": [ "192.168.15.224", @@ -3411,6 +3474,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 51374, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -3516,6 +3581,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 25566, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -3623,6 +3690,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 63757, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -3730,6 +3799,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 3803, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "computer-and-internet-info", "related.ip": [ "192.168.15.224", @@ -3834,6 +3905,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 34994, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -3938,6 +4011,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 38064, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -4045,6 +4120,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 42924, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "insufficient-content", "related.ip": [ "192.168.15.224", @@ -4148,6 +4225,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 58977, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "insufficient-content", "related.ip": [ "192.168.15.224", @@ -4255,6 +4334,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 64732, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -4359,6 +4440,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 58292, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "computer-and-internet-info", "related.ip": [ "192.168.15.224", @@ -4466,6 +4549,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 32209, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "computer-and-internet-info", "related.ip": [ "192.168.15.224", @@ -4573,6 +4658,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 38822, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "computer-and-internet-info", "related.ip": [ "192.168.15.224", @@ -4677,6 +4764,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 16044, "panw.panos.source.zone": "untrust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -4781,6 +4870,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 56614, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -4888,6 +4979,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 53168, "panw.panos.source.zone": "untrust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -4992,6 +5085,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 28012, "panw.panos.source.zone": "xtrust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "computer-and-internet-info", "related.ip": [ "192.168.15.224", @@ -5095,6 +5190,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 16050, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "computer-and-internet-info", "related.ip": [ "192.168.15.224", @@ -5195,6 +5292,8 @@ "panw.panos.source.interface": "ethernet1/2", "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 0, + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -5299,6 +5398,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 61722, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -5403,6 +5504,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 14247, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -5507,6 +5610,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 33580, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -5611,6 +5716,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 13498, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -5715,6 +5822,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 20365, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -5819,6 +5928,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 61464, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -5923,6 +6034,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 42877, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.196", @@ -6027,6 +6140,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 5918, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -6131,6 +6246,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 28944, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -6235,6 +6352,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 13415, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -6339,6 +6458,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 2489, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -6443,6 +6564,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 49328, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -6547,6 +6670,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 36036, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -6654,6 +6779,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 33744, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -6758,6 +6885,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 45809, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -6862,6 +6991,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 3675, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -6966,6 +7097,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 5787, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -7070,6 +7203,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 12342, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -7174,6 +7309,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 18729, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -7281,6 +7418,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 57858, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "computer-and-internet-info", "related.ip": [ "192.168.15.224", @@ -7385,6 +7524,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 2722, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -7489,6 +7630,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 6674, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -7596,6 +7739,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 37427, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -7700,6 +7845,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 22408, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -7804,6 +7951,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 27899, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -7908,6 +8057,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 52939, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -8012,6 +8163,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 42907, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.195", @@ -8115,6 +8268,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 19658, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.196", @@ -8218,6 +8373,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 64352, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -8321,6 +8478,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 60126, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -8426,6 +8585,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 59771, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -8530,6 +8691,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 35748, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -8634,6 +8797,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 63701, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -8738,6 +8903,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 57872, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -8845,6 +9012,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 37581, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -8952,6 +9121,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 19226, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -9059,6 +9230,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 61721, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -9163,6 +9336,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 10098, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "web-advertisements", "related.ip": [ "192.168.15.224", @@ -9270,6 +9445,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 4564, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", @@ -9377,6 +9554,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 32104, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -9484,6 +9663,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 14172, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -9591,6 +9772,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 10286, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -9698,6 +9881,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 30799, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -9802,6 +9987,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 13490, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -9906,6 +10093,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 0, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -10010,6 +10199,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 53751, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -10114,6 +10305,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 21643, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -10218,6 +10411,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 22446, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -10322,6 +10517,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 22301, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", @@ -10426,6 +10623,8 @@ "panw.panos.source.nat.ip": "192.168.1.63", "panw.panos.source.nat.port": 58124, "panw.panos.source.zone": "trust", + "panw.panos.sub_type": "end", + "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224",