Wildfire API Requests seems to be broken


Hello Team,

I am trying to set up the Wildfire API Report download.
Prerequisites are met, so the API Key is set up, and we get Wildfire Logs through syslog.

While debugging I noticed the following saved search is triggered:
search = pan_wildfire verdict="malicious" | panwildfirereport | table wildfire_report | rename wildfire_report AS _raw | collect index=main sourcetype=pan:wildfire_report

I see two issues: the pan_wildfire alias seems not to work without an index, and the script stores the result in the main index, which should be empty.

I am wondering if anybody has gotten this working?
Python.log shows no entries.

Kind regards



Are you using the add-on to collect the logs and the apps?

I have used the add-on and used another index to receive traffic and threat feeds from Palo Alto IPS.
