I am using the Splunk for Palo Alto App in order to send threat logs from our Palo Alto Devices.
I was interested in making a custom alert in Splunk that would email the user that is generating the threat alert so they are aware of it.
I know that external lookup tables can be used to make a reference database that will bind the username to the email.
But from there, I'm not sure how I can generate the alert. I would want the alert to trigger for a username, then look up the email address in the external lookup table, and then send an alert to that user's email address.
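One way to wire this up, added here as an example and not part of the original question: a scheduled alert in savedsearches.conf that searches the Palo Alto threat logs, enriches each user row from a CSV lookup, and emails the address found in that row by using per-result triggering with the `$result.email$` token. The `pan:threat` sourcetype, `src_user`, `severity`, `threat_name` and `dest` fields, the `pan_logs` index, and the `user_emails` lookup with its `user`/`email` columns are assumptions to replace with the names your app version actually extracts.

```ini
# transforms.conf: CSV lookup binding usernames to addresses (constructed;
# user_emails.csv carries the header line "user,email")
[user_emails]
filename = user_emails.csv
case_sensitive_match = false

# savedsearches.conf: the alert itself
[Threat alert - notify affected user]
# Assumed index, sourcetype and field names for Palo Alto threat logs
search = index=pan_logs sourcetype="pan:threat" (severity=critical OR severity=high) \
| stats count AS hits, values(threat_name) AS threats, values(dest) AS destinations BY src_user \
| lookup user_emails user AS src_user OUTPUT email \
| where isnotnull(email)
dispatch.earliest_time = -15m@m
dispatch.latest_time = now
cron_schedule = */15 * * * *
enableSched = 1
# Fire whenever the search returns at least one user row
counttype = number of events
relation = greater than
quantity = 0
# Per-result triggering: one alert, and one email, per returned row, so the
# $result.*$ tokens below refer to that row's user and address
alert.digest_mode = 0
# Do not re-notify the same user more than once an hour
alert.suppress = 1
alert.suppress.fields = src_user
alert.suppress.period = 1h
alert.track = 1
action.email = 1
action.email.to = $result.email$
action.email.subject = Palo Alto threat activity from your account ($result.src_user$)
action.email.message.alert = Your account $result.src_user$ triggered $result.hits$ threat event(s) in the last 15 minutes: $result.threats$ (destinations: $result.destinations$). Contact the security team if this was not you.
action.email.sendresults = 0
```

The `where isnotnull(email)` step keeps users missing from the lookup from producing an email with an empty recipient; a second alert without the lookup, sent to the SOC, covers those rows.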