Palo Alto Networks · Schema

XdrDataPayload

The payload structure for XDR data forwarding from integrated Palo Alto Networks products. Contains product identification, tenant context, event identification, and the forwarded telemetry content for correlation in the XSIAM unified data lake.

Cloud Security, Cybersecurity, Firewall, Network Security, SASE, SOAR, Threat Intelligence, XDR

Properties

| Name | Type | Description |
|------|------|-------------|
| dataset | string | The target XSIAM dataset name for the forwarded XDR data. |
| vendor | string | The Palo Alto Networks product vendor designation for the forwarding source. Typically 'Palo Alto Networks'. |
| product | string | The specific Palo Alto Networks product forwarding XDR data, such as Cortex XDR Agent, PAN-OS, Prisma Access, or Strata Logging Service. |
| log_type | string | The XDR data type or telemetry category being forwarded (e.g., xdr_data, endpoint_event, network_event). |
| raw_log | string | The raw XDR telemetry content as serialized JSON from the forwarding product. Contains all available event fields from the source product's data model. |
| timestamp | string | The ISO 8601 date-time string indicating when the XDR event was captured by the source product. |
| tenant_id | string | The XSIAM tenant identifier to which this XDR data belongs. Ensures forwarded data is routed to the correct tenant environment in multi-tenant deployments. |
| event_id | string | A unique identifier for this forwarded XDR event, used for deduplication, correlation, and audit trail tracking. |