All Apps and Add-ons

Splunk for Palo Alto

lazhar
New Member

Hi,

I am using Splunk for Palo Alto application to collect and correlate logs coming from my PANs, i am able now to see the 4 types of Palo Alto Logs (Threat, Traffic, Configuration and System),
Now that i have my Threat Dashboard and reports, i would like to differentiate virus, spyware and vulnerabilities logs, How can i do this?

Thanks
Lazhar

Tags (1)
0 Karma
1 Solution

MarioM
Motivator

One of the app's field extraction is "log_subtype" which contains those different types:

Then you could filter your searches on those

sourcetype="pan_threat" log_subtype="vulnerability" OR log_subtype="virus" OR log_subtype="spyware" | top dst_user by log_subtype

OR

filter on each one of those

sourcetype="pan_threat" log_subtype="vulnerability" | top dst_user by app

View solution in original post

MarioM
Motivator

One of the app's field extraction is "log_subtype" which contains those different types:

Then you could filter your searches on those

sourcetype="pan_threat" log_subtype="vulnerability" OR log_subtype="virus" OR log_subtype="spyware" | top dst_user by log_subtype

OR

filter on each one of those

sourcetype="pan_threat" log_subtype="vulnerability" | top dst_user by app
Get Updates on the Splunk Community!

Splunk Smartness with Brandon Sternfield | Episode 3

Hello and welcome to another episode of "Splunk Smartness," the interview series where we explore the power of ...

Monitoring Postgres with OpenTelemetry

Behind every business-critical application, you’ll find databases. These behind-the-scenes stores power ...

Mastering Synthetic Browser Testing: Pro Tips to Keep Your Web App Running Smoothly

To start, if you're new to synthetic monitoring, I recommend exploring this synthetic monitoring overview. In ...