Solved: Re: Splunk for Palo Alto

lazhar · ‎08-03-2011

Hi,

I am using Splunk for Palo Alto application to collect and correlate logs coming from my PANs, i am able now to see the 4 types of Palo Alto Logs (Threat, Traffic, Configuration and System),
Now that i have my Threat Dashboard and reports, i would like to differentiate virus, spyware and vulnerabilities logs, How can i do this?

Thanks
Lazhar

MarioM · ‎08-03-2011

One of the app's field extraction is "log_subtype" which contains those different types:

Then you could filter your searches on those

sourcetype="pan_threat" log_subtype="vulnerability" OR log_subtype="virus" OR log_subtype="spyware" | top dst_user by log_subtype

OR

filter on each one of those

sourcetype="pan_threat" log_subtype="vulnerability" | top dst_user by app

View solution in original post

MarioM · ‎08-03-2011

One of the app's field extraction is "log_subtype" which contains those different types:

Then you could filter your searches on those

sourcetype="pan_threat" log_subtype="vulnerability" OR log_subtype="virus" OR log_subtype="spyware" | top dst_user by log_subtype

OR

filter on each one of those

sourcetype="pan_threat" log_subtype="vulnerability" | top dst_user by app

Splunk for Palo Alto

OpenTelemetry for Legacy Apps? Yes, You Can!

UCC Framework: Discover Developer Toolkit for Building Technology Add-ons

.conf25 Community Recap

Are you a member of the Splunk Community?

Splunk for Palo Alto

OpenTelemetry for Legacy Apps? Yes, You Can!

UCC Framework: Discover Developer Toolkit for Building Technology Add-ons

.conf25 Community Recap