Field Name | Definition |
appsite | Friendly name for a Website or Application |
authtype | |
blocked | Indicates that the request was blocked. This usually occurs because the user is not authorized to access the site. However, it can also be caused by technical anomalies, for example, “page not found by server.” |
bytes | Number of total bytes (transmit and receive) for the session. |
category | Describes the content of a Web page that was visited. |
classification | User defined classification for the website content that was visited. Values could be any of the following: Acceptable, Unacceptable and Neutral |
clientin | |
clientout | |
contenttype | Refers to an HTTP header field that specifies the type of data contained in the body of an HTTP request or response. Values could be any of the following: jpeg, mpeg, pdf, html, css, etc. |
datetime | Date and time stamp associated with each record hit. |
domain | A fully qualified domain name (FQDN) is a complete and unambiguous domain name that specifies the exact location of a specific resource on the internet. |
group | Organizational groups are structured in a hierarchical manner, forming a tree-like structure. |
hit | Number of records (represents a record count) |
identity | |
ip | Source IP Address |
network | |
outboundip | Destination IP Address |
proxyport | |
refererdomain | HTTP header field that indicates the URL or domain from which a user navigated to the current page. |
resultcode | HTTP status codes that are used to indicate the result or status of an HTTP request made to a web server. Some commonly encountered codes are: 200 OK, 404 Not Found, etc. |
searchterms | Search query or keyword, refers to the specific words or phrases that a user enters into a search engine to find information on a particular topic. |
serverin | |
serverout | |
source | |
timeonline | An approximation of the time that a user spends on the Internet. Wavecrest’s Smart Engine algorithms can produce the most accurate time online measurement. |
user | Field refers to the information recorded about the user associated with a specific network connection or traffic event. |
useragent | HTTP header field sent by a web browser or other client software when making a request to a web server. It identifies the client’s software, version, and other relevant information to help the server understand the capabilities and requirements of the client. |
visit | A click action for the purpose of visiting a Web site. One click equals one request for a Web page. |
Panel
Field Name | Definition |
action | Action taken for the session; values are alert, allow, deny, drop, drop-all-packets, reset-client, reset-server, reset-both, block-url. |
action_source | Specifies whether the action taken to allow or block an application was defined in the application or in policy. The actions can be allow, deny, drop, reset-server, reset-client or reset-both for the session. |
application | Application associated with the session. |
application_category | The application category specified in the application configuration properties. |
application_risk | Risk level associated with the application (1=lowest to 5=highest). |
application_saas | Displays yes if a SaaS application or no if not a SaaS application. |
application_subcategory | The application subcategory specified in the application configuration properties. |
application_technology | The application technology specified in the application configuration properties. |
bytes | Number of total bytes (transmit and receive) for the session. |
category | Describes the content of a Web page that was visited. |
contenttype | Refers to an HTTP header field that specifies the type of data contained in the body of an HTTP request or response. Values could be any of the following: jpeg, mpeg, pdf, html, css, etc. |
datetime | Date and time stamp associated with each record hit. |
dest_country | Destination country or Internal region for private addresses. |
dest_ip | Original session destination IP address. |
dest_zone | Zone the session was destined to. |
deviceLogType | |
direction | Indicates the direction of the attack, client-to-server or server-to-client |
group | Organizational groups are structured in a hierarchical manner, forming a tree-like structure. |
hit | Number of records (represents a record count) |
http2_connection | Identifies if traffic used an HTTP/2 Connection or not |
identity | |
ip | Original session source IP address. |
ip_protocol | IP protocol associated with the session. |
port | Destination port utilized by the session. |
recordName | |
referrer | |
results | |
rule | Name of the rule that the session matched. |
severity | |
source | |
source_zone | Zone the session was sourced from. |
threat_category | Describes threat categories used to classify different types of threat signatures. |
Threat_contenttype | Subtype of the threat and traffic log |
threat_id | Palo Alto Networks identifier for known and custom threats. |
type | Specifies the type of log; |
url | |
user | Field refers to the information recorded about the user associated with a specific network connection or traffic event. |
useragent | HTTP header field sent by a web browser or other client software when making a request to a web server. It identifies the client’s software, version, and other relevant information to help the server understand the capabilities and requirements of the client. |
After logging into the visualizer, you will be presented with a default blank dashboard. To start adding report panels to your new dashboard, follow the instructions below:
- Click “Add New Panel” to get started.
- On the next screen, “New Panel,” you will be presented with two options:
  - Create From Template: As you create panels you will have the option of creating a new panel based on an existing template you previously created.
  - Create New Panel: Select this option to build a new panel.
How to create a panel filter:
- You will first have to configure your “Data Source” before you can create your first filter.
- Select the “Filtering” tab on the panel configuration screen.
- Click “Add Filter.” Note: The “Logic” field of the first filter you create is locked to the “AND” operator.
- Select whether the filter should “include” or “exclude” your field.
- Select the match logic to use on your field.
- If you are just adding a single panel filter, click “Add.” If additional panel filters are needed, click “Add + New.”
To print a panel, follow these instructions:
- Click the arrow next to the panel title.
- On the Panel actions popup click “Print Chart.”
- The chart will now appear in its own browser tab.
- Use the browser print options to either print or save as PDF.
To build a new panel, follow the steps below:
- At the upper left of the screen you will find a list of available Data Types. Drag-n-drop the Data Type you would like your panel to use into the “Data Source” field.
- Note: A default bar chart will automatically load and a list of fields from this data type will populate the space on the left.
- Select the type of chart you would like to display your data.
- Drag-n-drop the fields you want to chart into Metrics and Dimensions.
- Click “Save” to add this panel to the dashboard.