I would like to borrow the wisdom of people experienced with Palo Alto.
Which data model does Palo Alto's threat (including URL Filtering) correspond to? "Intrusion Detection"?
The PA firewall supports a number of data models: Network Traffic, Network Sessions, Malware, Web.
If you install the Splunk Add-on for Palo Alto and look at the default/tags.conf and eventtypes.conf, you can see all the event grouping and tags corresponding to the data model.
The events (threat/traffic) all depend on the license for the modules which you may have on the PA.
Documentation from Palo now breaks out each sourcetype into its intended CIM data model.
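The tags.conf check suggested in the answer above can be scripted. This is an added example, not code from the thread or from the add-on: the stanza names are constructed placeholders, and the tag sets are the tag constraints the Splunk CIM uses for each data model.

```python
import configparser

# Tags an event must carry to be picked up by each CIM data model
# ("Malware" here is the Malware_Attacks dataset constraint).
CIM_TAG_CONSTRAINTS = {
    "Network_Traffic": {"network", "communicate"},
    "Network_Sessions": {"network", "session"},
    "Intrusion_Detection": {"ids", "attack"},
    "Malware": {"malware", "attack"},
    "Web": {"web"},
}

# Constructed sample in tags.conf syntax; NOT the add-on's real contents.
SAMPLE_TAGS_CONF = """
[eventtype=example_fw_traffic]
network = enabled
communicate = enabled
[eventtype=example_fw_threat]
ids = enabled
attack = enabled
[eventtype=example_fw_url]
web = enabled
[eventtype=example_fw_virus]
malware = enabled
attack = enabled
operations = disabled
"""

def enabled_tags(tags_conf_text):
    # Return {eventtype name: set of tags whose value is "enabled"}.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(tags_conf_text)
    result = {}
    for section in parser.sections():
        field, _, name = section.partition("=")
        if field == "eventtype":
            result[name] = {t for t, v in parser.items(section) if v.strip().lower() == "enabled"}
    return result

def models_for(tags):
    # A model matches only when every tag it requires is present.
    return sorted(m for m, need in CIM_TAG_CONSTRAINTS.items() if need <= tags)

def map_eventtypes(tags_conf_text):
    return {et: models_for(tags) for et, tags in enabled_tags(tags_conf_text).items()}

if __name__ == "__main__":
    for et, models in map_eventtypes(SAMPLE_TAGS_CONF).items():
        print(f"{et}: {', '.join(models) or 'no CIM model matched'}")
```

To check a real installation, pass the text of the add-on's default/tags.conf (plus any local/tags.conf overrides) to `map_eventtypes` instead of the sample.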