I spoke with an engineer about this. The name is a unique identifier for the device from which the user connected to PAM, with either the PAM Client or a browser. It is intended to be difficult to identify, in order to prevent someone from counterfeiting data sent to Threat Analytics. There are several fields that PAM sends to Threat Analytics that help to identify the device. One is the Operating System, which you can see on the Device page. One more field is the IP address, which you can see when you click on the device identifier. Some of the other pieces of human readable data to let you understand where the information comes from are as follows:
s.userID AS userId,
s.remote_addr AS remoteIpAddress,
s.private_addr AS privateIpAddress,
s.public_addr AS publicIpAddress,
s.machineID as machineId,
s.os AS clientOs, s.version,
s.u_name AS sessionUserName.
I am not sure where each of these may be found, or if they all can be. If you need anything further I will reach out to the Threat Analytics team and will ask for their help.