Palo Alto Networks · JSON Structure

Cortex XDR API Audit Log Structure

An audit management log entry recording an administrative action.

Type: object
Properties: 9
Tags: Cloud Security, Cybersecurity, Firewall, Network Security, SASE, SOAR, Threat Intelligence, XDR

AuditLog is a JSON Structure definition published by Palo Alto Networks, describing 9 properties. It conforms to the https://json-structure.org/meta/core/v0/# meta-schema.

Properties

timestamp, actor_primary_username, actor_email, actor_type, sub_type, result, reason, ip, description

Meta-schema: https://json-structure.org/meta/core/v0/#

JSON Structure

{
  "$schema": "https://json-structure.org/meta/core/v0/#",
  "$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/cortex-xdr-api-audit-log-structure.json",
  "name": "AuditLog",
  "description": "An audit management log entry recording an administrative action.",
  "type": "object",
  "properties": {
    "timestamp": {
      "type": "int32",
      "description": "Action timestamp as Unix epoch milliseconds."
    },
    "actor_primary_username": {
      "type": "string",
      "description": "Username of the administrator who performed the action."
    },
    "actor_email": {
      "type": "string"
    },
    "actor_type": {
      "type": "string",
      "enum": [
        "User",
        "API"
      ]
    },
    "sub_type": {
      "type": "string",
      "description": "Action subtype (e.g., Login, Logout, Policy Update)."
    },
    "result": {
      "type": "string",
      "enum": [
        "SUCCESS",
        "FAIL"
      ]
    },
    "reason": {
      "type": "string",
      "description": "Failure reason if result is FAIL."
    },
    "ip": {
      "type": "string",
      "description": "Source IP address of the action."
    },
    "description": {
      "type": "string"
    }
  }
}