
I would like to borrow the wisdom of someone experienced with Palo Alto.
Which data model does Palo Alto's threat (including URL Filtering) correspond to? "Intrusion Detection"?

The PA firewall supports a number of Datamodels - Network Traffic, Network Sessions, Malware, Web.
If you install the Splunk Add-on for Palo Alto and look at the default/tags.conf and eventtypes.conf, you can see all the event grouping and tags corresponding to the datamodel.
The events (threat/traffic) all depend on the license for the modules which you may have on the PA.
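
The check described in the post above, as an added example that is not part of the original post or of the add-on's own code: it joins eventtypes.conf with tags.conf and reports which CIM data models each event type's enabled tags satisfy. The stanza names, searches and tags in the two sample strings are constructed for illustration; `CIM_TAGS` lists the tag constraints from the Splunk CIM documentation for the data models named in this thread.

```python
import configparser

# Tags each CIM data model's root constraint requires (per the Splunk CIM docs).
CIM_TAGS = {
    "Intrusion_Detection": {"ids", "attack"}, "Malware": {"malware", "attack"},
    "Network_Traffic": {"network", "communicate"}, "Web": {"web"},
    "Network_Sessions": {"network", "session"},
}

# Constructed sample stanzas in eventtypes.conf / tags.conf format
# (assumed for illustration, not copied from the add-on's real files).
EVENTTYPES_CONF = """
[pan_threat]
search = sourcetype="pan:threat" log_subtype="vulnerability"
[pan_url]
search = sourcetype="pan:threat" log_subtype="url"
[pan_virus]
search = sourcetype="pan:threat" log_subtype="virus"
"""
TAGS_CONF = """
[eventtype=pan_threat]
ids = enabled
attack = enabled
[eventtype=pan_url]
web = enabled
[eventtype=pan_virus]
malware = enabled
attack = enabled
ids = disabled
"""

def parse_conf(text):
    # Only "=" separates key and value, so ":" inside a search string is safe.
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.read_string(text)
    return cp

def map_eventtypes(eventtypes_text, tags_text):
    """Return {eventtype: (search, CIM data models whose tags are all enabled)}."""
    ev, tags, out = parse_conf(eventtypes_text), parse_conf(tags_text), {}
    for name in ev.sections():
        stanza = "eventtype=" + name  # tags.conf stanza naming for event types
        pairs = tags[stanza].items() if tags.has_section(stanza) else []
        enabled = {t for t, v in pairs if v.strip().lower() == "enabled"}
        models = sorted(m for m, need in CIM_TAGS.items() if need <= enabled)
        out[name] = (ev[name].get("search", ""), models)
    return out

if __name__ == "__main__":
    for name, (search, models) in map_eventtypes(EVENTTYPES_CONF, TAGS_CONF).items():
        print(f"{name:12} {models}  <- {search}")
```

To get the mapping for an installed add-on, read the text of its default/eventtypes.conf and default/tags.conf and pass both strings to `map_eventtypes`; an event type with a tag set to `disabled`, or with no tags stanza at all, is not counted toward that data model.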

Documentation from Palo now breaks out each sourcetype into its intended CIM datamodel.
