Palo Alto Networks · Schema

EventDataPayload

The payload structure for pre-normalized event data ingestion directly into the XSIAM data lake. Contains all required routing metadata plus the normalized event content for direct dataset indexing.

Tags: Cloud Security, Cybersecurity, Firewall, Network Security, SASE, SOAR, Threat Intelligence, XDR

Properties

| Name | Type | Description |
|------|------|-------------|
| dataset | string | The target XSIAM dataset name for direct indexing. Must match an existing dataset schema in the XSIAM data lake. |
| vendor | string | The vendor that produced the source event data. |
| product | string | The product that generated the source event. |
| log_type | string | The log type or event category identifier for schema selection during indexing. |
| raw_log | string | The original raw event content from the source system, preserved alongside normalized fields for audit and reprocessing purposes. |
| timestamp | string | The ISO 8601 date-time string indicating when the original event occurred at the source system. |
| tenant_id | string | The XSIAM tenant identifier for multi-tenant data routing. |
| event_id | string | A unique identifier for this event record used for deduplication and correlation reference. |