All Apps and Add-ons

CIM datamodel mapping for PaloAlto threat (including URL Filtering) log

HiroshiSatoh
Champion

I would like to borrow the wisdom of the Palo Alto experienced person.
Which data model does PaloAlto's threat (including URL Filtering) correspond to? "Intrusion Detection"?

0 Karma
1 Solution

lakshman239
SplunkTrust
SplunkTrust

The PA firewall supports a number of Datamodels - Network Traffic, Network Sessions, Malware, Web .

If you install the Splunk Add on for Palo Alto and look at the default/tags.conf and eventtypes.conf, you can see all the event grouping and tags corresponding to the datamodel.

The events - threat/traffic all depends on the license for the modules which you may have on the PA.

View solution in original post

DEAD_BEEF
Builder

Documentation from Palo now breaks out each sourcetype into it's intended CIM datamodel.

lakshman239
SplunkTrust
SplunkTrust

The PA firewall supports a number of Datamodels - Network Traffic, Network Sessions, Malware, Web .

If you install the Splunk Add on for Palo Alto and look at the default/tags.conf and eventtypes.conf, you can see all the event grouping and tags corresponding to the datamodel.

The events - threat/traffic all depends on the license for the modules which you may have on the PA.

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...