Palo Alto Panorama Traffic
Collect traffic logs from your Palo Alto Panorama.
Ingest Methods
RunReveal offers the following ways to ingest Palo Alto Panorama Traffic logs:
If using an AWS S3 bucket, use the following SNS topic ARN to send your bucket notifications.
arn:aws:sns:<REGION>:253602268883:runreveal_palo_panorama_traffic
Replace <REGION> with the AWS region where your S3 bucket is located (e.g., us-east-1, us-west-2, eu-west-1).
Schema
The following columns are exposed for this source. RunReveal applies schema normalization across all sources, ensuring uniform field names and data types for cross-source queries and reusable detection logic.
Table: panorama_traffic_logs (78 columns)
| Column | Type |
|---|---|
| workspaceID | String |
| sourceID | String |
| sourceType | LowCardinality(String) |
| sourceTTL | UInt32 |
| receivedAt | DateTime |
| id | String |
| eventTime | DateTime |
| eventName | String |
| eventID | String |
| srcIP | String |
| srcASCountryCode | String |
| srcASNumber | UInt32 |
| srcASOrganization | String |
| srcCity | String |
| srcConnectionType | String |
| srcISP | String |
| srcLatitude | Float64 |
| srcLongitude | Float64 |
| srcUserType | String |
| dstIP | String |
| dstASCountryCode | String |
| dstASNumber | UInt32 |
| dstASOrganization | String |
| dstCity | String |
| dstConnectionType | String |
| dstISP | String |
| dstLatitude | Float64 |
| dstLongitude | Float64 |
| dstUserType | String |
| actor | Map(String, String) |
| tags | Map(String, String) |
| resources | Array(String) |
| serviceName | String |
| readOnly | Bool |
| rawLog | String |
| ReceiveTime | DateTime |
| SerialNumber | String |
| LogType | String |
| Subtype | String |
| TimeGenerated | DateTime |
| SrcAddr | String |
| DstAddr | String |
| NatSrcAddr | String |
| NatDstAddr | String |
| RuleName | String |
| SrcUser | String |
| DstUser | String |
| App | String |
| Vsys | String |
| From | String |
| To | String |
| InboundIf | String |
| OutboundIf | String |
| LogSet | String |
| SessionID | UInt32 |
| RepeatCnt | UInt32 |
| SrcPort | UInt32 |
| DstPort | UInt32 |
| NatSrcPort | UInt32 |
| NatDstPort | UInt32 |
| Flags | String |
| Proto | String |
| Action | String |
| Bytes | UInt32 |
| BytesSent | UInt32 |
| BytesReceived | UInt32 |
| Packets | UInt32 |
| StartTime | DateTime |
| ElapsedTime | UInt32 |
| Category | String |
| SeqNo | UInt32 |
| ActionFlags | String |
| SrcLoc | String |
| DstLoc | String |
| PktsSent | UInt32 |
| PktsReceived | UInt32 |
| SessionEndReason | String |
| DeviceName | String |