What is the CEF severity mapping for syslog forwarding in Cortex Data Lake?

Created On 08/28/23 23:37 PM - Last Modified 06/10/25 21:53 PM


Question


What is the CEF severity mapping for syslog forwarding in Cortex Data Lake?



Environment


  • Cortex Data Lake
  • Syslog Forwarding with CEF format
  • Common Event Format (CEF)


Answer


CEF format severity mapping is different from the PAN-OS severity values.
Here is the mapping for CEF format:

  Severity         CEF format severity
  Informational    1
  Low              3
  Medium           5
  High             7
  Critical         9
  Everything else  3


Additional Information


  • CEF format severity in Cortex Data Lake Syslog Forwarding is different from the PAN-OS severity value.
  • For example, PAN-OS defines the "High" severity value as "4", but the severity in CEF format shows "7".
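The mapping above, as an added example that is not part of the article: a small Python helper that returns the CEF severity Cortex Data Lake emits for a PAN-OS severity label, and that parses the severity back out of a forwarded CEF syslog line for SIEM normalization. The sample records, the "10.2" device version and the vendor/product header fields are constructed for the example, not real Cortex Data Lake output.

```python
import re

# Mapping from the article: PAN-OS severity label -> CEF header severity.
CEF_SEVERITY = {
    "informational": 1,
    "low": 3,
    "medium": 5,
    "high": 7,
    "critical": 9,
}
DEFAULT_CEF_SEVERITY = 3  # "everything else" also maps to 3

# Reverse view for parsing: CEF 3 cannot be told apart from "everything else".
LABEL_FOR_CEF = {1: "informational", 3: "low/other", 5: "medium",
                 7: "high", 9: "critical"}

# Constructed sample records (not real Cortex Data Lake output). The CEF header
# layout is Version|Vendor|Product|DeviceVersion|EventClassId|Name|Severity|Extension.
SAMPLE_HIGH = ("<14>Aug 28 23:37:00 cdl-forwarder CEF:0|Palo Alto Networks|PAN-OS|10.2|"
               "THREAT|vulnerability|7|rt=Aug 28 2023 23:37:00 src=10.0.0.5 dst=10.0.0.9")
# The Name field carries an escaped pipe, which a naive str.split("|") would break on.
SAMPLE_ESCAPED = ("CEF:0|Palo Alto Networks|PAN-OS|10.2|THREAT|rule a\\|b match|5|"
                  "src=10.0.0.5")


def cef_severity_for(label: str) -> int:
    """CEF severity that Cortex Data Lake emits for a PAN-OS severity label."""
    return CEF_SEVERITY.get(label.strip().lower(), DEFAULT_CEF_SEVERITY)


def parse_cef_severity(line: str) -> tuple[int, str]:
    """Extract the CEF severity (7th header field) from a syslog line and
    return (cef_severity, label). Only an unescaped '|' delimits header
    fields; everything after the 7th pipe is the extension and is left as-is."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("not a CEF record")
    parts = re.split(r"(?<!\\)\|", line[start:], maxsplit=7)
    if len(parts) < 7:
        raise ValueError("malformed CEF header")
    sev = int(parts[6])
    return sev, LABEL_FOR_CEF.get(sev, "unknown")


if __name__ == "__main__":
    print("PAN-OS High -> CEF", cef_severity_for("High"))
    for rec in (SAMPLE_HIGH, SAMPLE_ESCAPED):
        print(parse_cef_severity(rec))
```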

