All Apps and Add-ons

Clustered indexers installation of Splunk_TA_paloalto

tom_monkhouse
New Member

Hi,

I am receiving the following validation error when installing the Palo add-on, on our clusters indexer (through master-apps):

Invalid key in stanza [pantag] in /opt/splunk/etc/master-apps/Splunk_TA_paloalto/default/alert_actions.conf, line 18: param._cam  (value:  {
    "category" :   ["Information Conveyance"],
    "task" :       ["create", "delete", "allow", "block"],
    "subject" :    ["network.firewall"],
    "technology" : [{"vendor":"Palo Alto Networks", "product":"Firewall"}],
    "drilldown_uri" : "../myapp/myview?form.sid=$orig_sid$&form.rid=$orig_rid$",
    "supports_adhoc" : true
}).
;       Invalid key in stanza [panwildfiresubmit] in /opt/splunk/etc/master-apps/Splunk_TA_paloalto/default/alert_actions.conf, line 38: param._cam  (value:  {
    "category" :   ["Information Gathering"],
    "task" :       ["scan"],
    "subject" :    ["process.sandbox"],
    "technology" : [{"vendor":"Palo Alto Networks", "product":"WildFire"}],
    "drilldown_uri" : "../myapp/myview?form.sid=$orig_sid$&form.rid=$orig_rid$",
    "supports_adhoc" : true
}).

Does anyone know what may be causing this, or if I need to remove these two stanza by creating a local/alert_actions.conf file and copying everything but these over?

Thanks in advance,
Tom

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In January, the Splunk Threat Research Team had one release of new security content via the Splunk ES Content ...

Expert Tips from Splunk Professional Services, Ensuring Compliance, and More New ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Observability Release Update: AI Assistant, AppD + Observability Cloud Integrations & ...

This month’s releases across the Splunk Observability portfolio deliver earlier detection and faster ...