Web Session ASIM parser for Palo Alto Networks URL Filtering

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to ASIM Index

---

Parser Information

Property	Value
Parser Name	ASimWebSessionPaloAltoCEF
Built-in Parser	_ASim_WebSession_PaloAltoCEF
Schema	WebSession
Schema Version	0.2.5
Parser Type	🔌 Source (product-specific)
Product	Palo Alto Networks
Parser Version	0.2 (version history)
Last Updated	Mar 12 2023
Unifying Parser	ASimWebSession
Source File	Parsers\ASimWebSession\Parsers\ASimWebSessionPaloAltoCEF.yaml

Description

This ASIM parser supports normalizing Palo Alto PanOS threat event logs delivered using CEF to the ASIM WebSession normalized schema. The Palo Alto threat events are generated by the Palo Alto URL filtering module and collected using the Palo Alto Networks connectors, Common Event Format (CEF) via AMA connector, or the Common Event Format (CEF) via Legacy Agent connector to the CommonSecurityLog table.

Source Tables

This parser reads from the following tables:

Table	Selection Criteria	Transformations	Ingestion API	Lake-Only
CommonSecurityLog	DeviceEventClassID == "url" DeviceProduct == "PAN-OS" DeviceVendor == "Palo Alto Networks"	✓	✓	?

Parameters

Name	Type	Default
disabled	bool	False

Associated Connectors

The following connectors provide data for this parser:

Connector	Solution
CefAma	Common Event Format
CloudNSSAuditLogs_ccp	Zscaler Internet Access
CloudNSSCASBActivityLogs_ccp	Zscaler Internet Access
CloudNSSCASBCRMLogs_ccp	Zscaler Internet Access
CloudNSSCASBCloudStorageLogs_ccp	Zscaler Internet Access
CloudNSSCASBCollabLogs_ccp	Zscaler Internet Access
CloudNSSCASBEmailLogs_ccp	Zscaler Internet Access
CloudNSSCASBFileSharingLogs_ccp	Zscaler Internet Access
CloudNSSCASBITSMLogs_ccp	Zscaler Internet Access
CloudNSSCASBRepoLogs_ccp	Zscaler Internet Access
CloudNSSDNSLogs_ccp	Zscaler Internet Access
CloudNSSEmailDLPLogs_ccp	Zscaler Internet Access
CloudNSSEndpointDLPLogs_ccp	Zscaler Internet Access
CloudNSSFWLogs_ccp	Zscaler Internet Access
CloudNSSTunnelLogs_ccp	Zscaler Internet Access
CloudNSSWebLogs_ccp	Zscaler Internet Access
VirtualMetricDirectorProxy	VirtualMetric DataStream
VirtualMetricMSSentinelConnector	VirtualMetric DataStream
VirtualMetricMSSentinelDataLakeConnector	VirtualMetric DataStream

Solutions: Common Event Format, VirtualMetric DataStream, Zscaler Internet Access

References

• ASIM Web Session Schema
• ASIM
• URL Filter fields
• Palo Alto Common Event Format Integration Guide [pdf]

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to ASIM Index