Does anyone know how to retrieve an updated version of the CSV files that define apps, threats, and services listed under 'lookups'? I would like to keep everything up to date if possible.
We have been Palo Alto customers for years and I have never seen this. I opened up a case with them and they said they have yet to implement it. Maybe I am just looking in the wrong place. Thanks for your help though.
Palo Alto customers receive an email with the latest threat file with a subject of "Application and Threat Content Update". The email contains a zip attachment, app-threat-db.zip. Extracting the zip creates an app-threat-db directory with applist.csv and threatlist.csv files. Rename the files to app_list.csv and threat_list.csv (with underscores) and move them to the lookup folder for your app, $SPLUNK_HOME/etc/apps/SplunkforPaloAltoNetworks/lookups/
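The rename-and-move step above, written as a small POSIX shell helper (an added example, not from the original answer or from the Splunk app). It assumes the zip has already been extracted, that the Splunk lookup CSVs carry a header row, and it backs up any existing lookup file and refuses to overwrite one whose header line differs, so a malformed or reshaped attachment cannot silently break the lookups.

```shell
#!/bin/sh
# Stage a Palo Alto "Application and Threat Content Update" into the
# Splunk for Palo Alto Networks lookup folder.
# Assumptions (not stated in the original post): the CSVs have a header
# row, and the zip has already been extracted to a directory.
set -eu

# Copy one CSV into place. If a lookup already exists, its header line
# must match the new file's header; the old file is backed up first.
install_lookup() {
    src=$1
    dest=$2
    [ -s "$src" ] || { echo "missing or empty: $src" >&2; return 1; }
    if [ -f "$dest" ]; then
        old_hdr=$(head -n 1 "$dest")
        new_hdr=$(head -n 1 "$src")
        if [ "$old_hdr" != "$new_hdr" ]; then
            echo "header mismatch for $dest; not replacing" >&2
            return 2
        fi
        cp -p "$dest" "$dest.bak.$(date +%Y%m%d%H%M%S)"
    fi
    cp "$src" "$dest"
}

# Install both lookups from an extracted app-threat-db directory,
# renaming applist.csv -> app_list.csv and threatlist.csv -> threat_list.csv.
install_pan_lookups() {
    extracted=$1
    lookups=$2
    mkdir -p "$lookups"
    install_lookup "$extracted/applist.csv" "$lookups/app_list.csv"
    install_lookup "$extracted/threatlist.csv" "$lookups/threat_list.csv"
}

# Typical invocation after "unzip app-threat-db.zip":
# install_pan_lookups ./app-threat-db \
#   "$SPLUNK_HOME/etc/apps/SplunkforPaloAltoNetworks/lookups"
```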