Hi,
I am using the Splunk for Palo Alto application to collect and correlate logs coming from my PANs. I am now able to see the 4 types of Palo Alto logs (Threat, Traffic, Configuration and System).
Now that I have my Threat dashboard and reports, I would like to differentiate virus, spyware and vulnerability logs. How can I do this?
Thanks
Lazhar
One of the app's field extractions is "log_subtype", which contains those different types.
Then you could filter your searches on those:
sourcetype="pan_threat" (log_subtype="vulnerability" OR log_subtype="virus" OR log_subtype="spyware") | top dst_user by log_subtype
OR
filter on each one of those:
sourcetype="pan_threat" log_subtype="vulnerability" | top dst_user by app
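As an added example that is not from the original thread, a single search that keeps the three subtypes separate in one dashboard panel, counting events and distinct affected users per subtype and severity; the parentheses make the OR grouping explicit, and the field name "severity" is assumed to be one of the app's threat-log extractions.

```spl
sourcetype="pan_threat" (log_subtype="vulnerability" OR log_subtype="virus" OR log_subtype="spyware")
| stats count AS events dc(dst_user) AS distinct_users BY log_subtype severity
| sort log_subtype -events
```

Replacing the stats line with `| timechart span=1h count BY log_subtype` gives the same split as a time series for a dashboard chart.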