05-24-2023 08:01 AM
I am trying to understand Palo Alto XDR logs fetched using the API (XQL query).
I am using the dataset xdr_data and want to know which event_types can occur in this dataset.
For example: EVENT_LOG.
What are the possible values we can get in the field event_type when using dataset = xdr_data?
I want to use event_type in the filter of an XQL query, which is why I want to know the possible values.
Any help would be appreciated.
05-31-2023 03:02 AM
You may refer to the XQL schema reference guide to learn the fields of the xdr_data dataset along with their descriptions. Additionally, when you create an XQL query you get autofill suggestions for that field, so you can either select from those, or as you type it will show the available values. As shared in the screenshot below for reference:
Hope this helps!
06-02-2023 06:32 AM
Thank you for your response. This does help me in understanding the schema; however, the value I am using for event_type in the XQL query does not match the possible values provided in the schema.
Also, I am using Postman to query the API, so I don't get the autofill values.
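Since the question is about discovering which event_type values a tenant actually emits when querying from a script rather than the console (where autofill is unavailable), the following is an added example, not code from the thread or from Palo Alto Networks. It submits an XQL query that groups xdr_data by event_type, so every distinct value present in the chosen timeframe is returned with a count, and it parses the result rows into a list of values. Assumptions: the API FQDN, key id and key are read from environment variables; the endpoint paths, headers and JSON shapes follow the public Cortex XDR XQL API (start_xql_query and get_query_results); the sample rows are constructed for offline testing.

```python
"""Enumerate the event_type values present in the xdr_data dataset via the
Cortex XDR public API (XQL endpoints), for use from a script instead of the
console autofill. Added example; endpoint details are assumptions, not from
the thread."""
import json
import os
import time
import urllib.request

# XQL: group xdr_data by event_type so each distinct value appears once with
# a count. In a filter, enumerated values take the ENUM. prefix, e.g.
# `dataset = xdr_data | filter event_type = ENUM.EVENT_LOG`.
ENUMERATE_EVENT_TYPES_XQL = (
    "dataset = xdr_data "
    "| comp count() as n by event_type "
    "| sort desc n"
)


def distinct_event_types(rows):
    """Sorted distinct event_type values from result rows (list of dicts as
    returned under reply.results.data). Rows with a null event_type are
    skipped rather than raising."""
    return sorted({r["event_type"] for r in rows if r.get("event_type") is not None})


def event_type_counts(rows):
    """Map each non-null event_type to its row count from the comp query."""
    return {r["event_type"]: int(r["n"]) for r in rows if r.get("event_type") is not None}


def _post(fqdn, key_id, key, path, body):
    """POST a JSON body to the public API and return the 'reply' element.
    Header names follow the standard (non-advanced) API key scheme."""
    req = urllib.request.Request(
        f"https://api-{fqdn}/public_api/v1/{path}",
        data=json.dumps(body).encode(),
        headers={
            "x-xdr-auth-id": key_id,
            "Authorization": key,
            "Content-Type": "application/json",
        },
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=60) as resp:
        return json.load(resp)["reply"]


def run_xql(fqdn, key_id, key, query, relative_ms=24 * 3600 * 1000, limit=100):
    """Start an XQL query over the last relative_ms milliseconds and poll
    until it finishes; returns the result rows."""
    query_id = _post(fqdn, key_id, key, "xql/start_xql_query/", {
        "request_data": {
            "query": query,
            "tenants": [],
            "timeframe": {"relativeTime": relative_ms},
        }
    })
    while True:
        reply = _post(fqdn, key_id, key, "xql/get_query_results/", {
            "request_data": {
                "query_id": query_id,
                "pending_flag": True,
                "limit": limit,
                "format": "json",
            }
        })
        if reply["status"] == "SUCCESS":
            return reply["results"]["data"]
        if reply["status"] != "PENDING":
            raise RuntimeError(f"XQL query did not succeed: {reply}")
        time.sleep(2)


# Constructed sample rows in the shape the comp query returns, used so the
# parsing helpers can be exercised offline (values are illustrative).
SAMPLE_ROWS = [
    {"event_type": "PROCESS", "n": 4500},
    {"event_type": "EVENT_LOG", "n": 120},
    {"event_type": None, "n": 3},
]


if __name__ == "__main__":
    # Hypothetical environment variable names; set them to your tenant's values.
    fqdn = os.environ["XDR_FQDN"]          # e.g. <tenant>.xdr.<region>.paloaltonetworks.com
    key_id = os.environ["XDR_API_KEY_ID"]
    key = os.environ["XDR_API_KEY"]
    rows = run_xql(fqdn, key_id, key, ENUMERATE_EVENT_TYPES_XQL)
    for value, count in sorted(event_type_counts(rows).items(), key=lambda kv: -kv[1]):
        print(f"{value:20s} {count}")
```

Once the list is in hand, the same literal values can be used in `| filter event_type = ENUM.<value>` from Postman; comparing that list against the schema reference guide is the quickest way to see whether a value that "does not match" is a naming difference or simply absent from the tenant's data in the queried timeframe.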