action
ad_name
alert_id
always_on_configuration
analyst_verdict 
api_name
api_type
app_activity_type
application
application_risk
auth_method
authentication_type
bgp_cato_asn
bgp_cato_ip
bgp_error_code
bgp_peer_asn
bgp_peer_ip
bgp_route_cidr
bypass_duration_sec
bypass_method
bypass_reason
categories
client_cert_expires
client_cert_name
client_class
client_version
configured_host_name
congestion_algorithm
connect_on_boot
connector_name
connector_status
connector_type
custom_category
dest_country
dest_country_code
dest_ip
dest_is_site_or_vpn
dest_port
dest_site_name
detection_name
device_certificate
device_name
device_posture_profiles
directory_ip
directory_sync_result
directory_sync_type
dlp_fail_mode
dlp_profiles
dlp_scan_types
dns_protection_category
dns_query
domain_name
dst_pid
dst_process_cmdline
dst_process_parent_path
dst_process_parent_pid
dst_process_path
egress_pop_name
egress_site_name
email_subject
endpoint_id
epp_engine_type
epp_profile
event_count
event_message
event_sub_type
event_type
file_hash
file_name
file_size
file_type
final_object_status
flows_cardinality
host_mac
http_request_method
indication
initial_object_status
internalId
ip_protocol
is_compliant
is_sanctioned_app
ISP_name
key_name
link_health_is_congested
link_health_jitter
link_health_latency
link_type
login_type
matched_data_types
mitre_attack_subtechniques
mitre_attack_tactics
mitre_attack_techniques
network_access
office_mode
os_type
os_version
owner
pac_file
pop_name
producer
public_ip
qos_priority
qos_reported_time
recommended_actions
registration_code
risk_level
rule
rule_id
severity
sign_in_event_types
signature_id
socket_interface
socket_new_version
socket_old_version
socket_role
split_tunnel_configuration
src_country
src_country_code
src_ip
src_is_site_or_vpn
src_isp_ip
src_pid
src_port
src_process_cmdline
src_process_parent_path
src_process_parent_pid
src_process_path
src_site_name
static_host
status
story_id
subnet_name
targets_cardinality
tcp_acceleration
tenant_id
tenant_name
threat_name
threat_reference
threat_type
threat_verdict
time
tls_error_description
tls_error_type
tls_inspection
tls_rule_name
tls_version
traffic_direction
trigger
trusted_networks
upgrade_end_time
upgrade_initiated_by
upgrade_start_time
url
user_agent
user_awareness_method
user_name
user_sid
vendor
visible_device_id
vpn_lan_access
vpn_user_email
xff