| Attribute | Value |
|---|---|
| Custom Log V1 | Yes 🔶 — uses type-suffixed column names |
| Ingestion API Supported | ✓ Yes |
Source: KQL validation test schema
| Column Name | Type |
|---|---|
| _BilledSize | string |
| _IsBillable | string |
| _ResourceId | string |
| _SubscriptionId | string |
| _timestamp_d | real |
| action | string |
| Day_s | int |
| FirewallName_s | string |
| host_s | string |
| Hour_s | int |
| ident_s | string |
| Message | string |
| Min_s | int |
| Month_s | int |
| pri_s | int |
| RawData | string |
| Sec_s | int |
| SourceSystem | string |
| TenantId | string |
| time_s | string |
| TimeGenerated | datetime |
| Type | string |
| Year_s | int |
This table is used by the following solutions:
This table is ingested by the following connectors:
| Connector | Selection Criteria |
|---|---|
| Azure CloudNGFW By Palo Alto Networks | |
In solution Azure Cloud NGFW By Palo Alto Networks:
| Hunting Query | Selection Criteria |
|---|---|
| Palo Alto - high-risk ports | |
| Palo Alto - potential beaconing detected | |
In solution Azure Cloud NGFW By Palo Alto Networks:
| Workbook | Selection Criteria |
|---|---|
| CloudNGFW-NetworkThreat | |
| CloudNGFW-Overview | |