Solved: Re: Can Splunk for Palo Alto Networks app index da...

ctheidea · ‎07-15-2014

Sorry I'm Splunk newbie.

I have Palo Alto Logs into Splunk (realtime).

I'm installed Splunk for Palo Alto Networks and Config without WildFire Config.

Can I use this app without WildFire. ( I mean Splunk for Pal Alto Network can index data from Palo Alto Networks without WildFire? )

Sorry my English, I'm learning 🙂

Thankyou

barakreeves · ‎07-15-2014

You do not need a WildFire account to get good value out of the PaloAlto Network app for Splunk. The app will work great without the subscription. Remember, at anytime, you can correlate PaloAlto Network data with any other data source, such as AD or Windows security EventLogs by going into search and type: index=pan_logs OR index=msad

Happy Splunking,
Barak

View solution in original post

barakreeves · ‎07-15-2014

You do not need a WildFire account to get good value out of the PaloAlto Network app for Splunk. The app will work great without the subscription. Remember, at anytime, you can correlate PaloAlto Network data with any other data source, such as AD or Windows security EventLogs by going into search and type: index=pan_logs OR index=msad

Happy Splunking,
Barak

ctheidea · ‎07-15-2014

Thank you for advice 🙂

Can Splunk for Palo Alto Networks app index data on my network without WildFire?

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

.conf24 | Personalize your .conf experience with Learning Paths!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...