Palo Alto Networks · Schema

AuditLog

An audit management log entry recording an administrative action.

Cloud SecurityCybersecurityFirewallNetwork SecuritySASESOARThreat IntelligenceXDR

Properties

Name Type Description
timestamp integer Action timestamp as Unix epoch milliseconds.
actor_primary_username string
actor_email string
actor_type string
sub_type string Action subtype (e.g., Login, PolicyUpdate, DatasourceCreate).
result string
reason string
ip string
description string
View JSON Schema on GitHub

JSON Schema

cortex-xsiam-api-audit-log-schema.json Raw ↑ 
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "title": "AuditLog",
  "description": "An audit management log entry recording an administrative action.",
  "$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/cortex-xsiam-api-audit-log-schema.json",
  "type": "object",
  "properties": {
    "timestamp": {
      "type": "integer",
      "description": "Action timestamp as Unix epoch milliseconds."
    },
    "actor_primary_username": {
      "type": "string"
    },
    "actor_email": {
      "type": "string"
    },
    "actor_type": {
      "type": "string",
      "enum": [
        "User",
        "API"
      ]
    },
    "sub_type": {
      "type": "string",
      "description": "Action subtype (e.g., Login, PolicyUpdate, DatasourceCreate)."
    },
    "result": {
      "type": "string",
      "enum": [
        "SUCCESS",
        "FAIL"
      ]
    },
    "reason": {
      "type": "string"
    },
    "ip": {
      "type": "string"
    },
    "description": {
      "type": "string"
    }
  }
}